Trouble/Error with Web deployment httpd/apache/mod_fcgid

RT Users
21

Great information here, thank you for helping me out and providing some
educational background on the options with this as well that helps!..I will
try to tackle this over the course of the next few days/weeks and see how
things go…

SO…possible ignorant question here but…Is there a reason that someone
or better yet Best Practical…doesn’t create and maintain a CentOS/RedHat
& Debian & maybe even Ubuntu packages that contain all the required perl
module dependencies for getting RT/RT-IR up and running instead of forcing
people to resort to installing as many as are published in base/epel via the
OS package manager and then having to manually/fixdeps install a TON
more??? Maybe that’s more difficult?.. but thinking about it on the
surface that just seems much easier on the user base…I’m not sure but am
I onto something here or is that just not doable?

Thanks again!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61003.html

22

Normally this is a mostly automated process. For me, make fixdeps on Ubuntu / Debian usually handles everything outside of one or two packages that need to be pulled off of apt. I think that this centos issue is pretty specific.

Also, there is actually a version of RT available on the apt repo for Ubuntu. http://packages.ubuntu.com/wily/request-tracker4

I’ve used it before although we swapped to an internally maintained system since at the time the package wasn’t regularly updated. Looks like it’s on 4.2.11 right now.-----Original Message-----
From: rt-users [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of dwdixon
Sent: Monday, November 23, 2015 6:18 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

Great information here, thank you for helping me out and providing some educational background on the options with this as well that helps!..I will try to tackle this over the course of the next few days/weeks and see how things go…

SO…possible ignorant question here but…Is there a reason that someone or better yet Best Practical…doesn’t create and maintain a CentOS/RedHat & Debian & maybe even Ubuntu packages that contain all the required perl module dependencies for getting RT/RT-IR up and running instead of forcing people to resort to installing as many as are published in base/epel via the OS package manager and then having to manually/fixdeps install a TON more??? Maybe that’s more difficult?.. but thinking about it on the surface that just seems much easier on the user base…I’m not sure but am I onto something here or is that just not doable?

Thanks again!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61003.html

ARDEN
A Global Company
Celebrating over 50 years of making your life more comfortable!

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message.

This OUTBOUND E-mail and Document(s) has been scanned by an Antivirus Server.

23

So basically I restarted my installation of RT from scratch on CentOS
6.7…things have gone pretty smooth so far…now I’m back to where I
started in setting up httpd/Apache to serve up RT. I’ve setup my config in
/etc/httpd/conf.d/rt.conf and here are the contents of that:

### Optional apache logs for RT # Ensure that your log rotation scripts know about these files # ErrorLog /opt/rt4/var/log/apache2.error # TransferLog /opt/rt4/var/log/apache2.access # LogLevel debug 
    AddDefaultCharset UTF-8

    ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

    DocumentRoot "/opt/rt4/share/html"
    <Location />
        Require all granted

        Options +ExecCGI
        AddHandler fcgid-script fcgi
    </Location>
</VirtualHost>

httpd/Apache starts up fine and all seems well and good and should be
according to the documentation…however (again I’m not an Apache expert
here so forgive any obvious mistakes)…but all I’m getting now when I
browse to the system hosting RT is a Apache generic “Index of /” with
nothing listed and the Apache version info…not sure what’s going on
here…the only thing that I can think of is that the apache user does not
have permissions to access the files in /opt/rt4/share/html …the
documentation says NOTHING (that I’ve found) about modifying the permissions
of the files in /opt/rt4/share/html to make apache the owner so I haven’t
yet…

Is this the problem or is something else going on here?

Thanks so much!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61011.html

24

In the folder of the installer of rt execute: make fixpermsOn Nov 24, 2015 6:13 PM, “dwdixon” dwdixon@umich.edu wrote:

So basically I restarted my installation of RT from scratch on CentOS
6.7…things have gone pretty smooth so far…now I’m back to where I
started in setting up httpd/Apache to serve up RT. I’ve setup my config in
/etc/httpd/conf.d/rt.conf and here are the contents of that:

### Optional apache logs for RT # Ensure that your log rotation scripts know about these files # ErrorLog /opt/rt4/var/log/apache2.error # TransferLog /opt/rt4/var/log/apache2.access # LogLevel debug 
    AddDefaultCharset UTF-8

    ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

    DocumentRoot "/opt/rt4/share/html"
    <Location />
        Require all granted

        Options +ExecCGI
        AddHandler fcgid-script fcgi
    </Location>
</VirtualHost>

httpd/Apache starts up fine and all seems well and good and should be
according to the documentation…however (again I’m not an Apache expert
here so forgive any obvious mistakes)…but all I’m getting now when I
browse to the system hosting RT is a Apache generic “Index of /” with
nothing listed and the Apache version info…not sure what’s going on
here…the only thing that I can think of is that the apache user does not
have permissions to access the files in /opt/rt4/share/html …the
documentation says NOTHING (that I’ve found) about modifying the
permissions
of the files in /opt/rt4/share/html to make apache the owner so I haven’t
yet…

Is this the problem or is something else going on here?

Thanks so much!

-Drew


View this message in context:
http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61011.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

25

Thanks much Gerald, I didn’t know about trying that…so I executed the make
fixperms and it seems to have done what it’s supposed to do but still no
luck for me…I noticed in testing that if I edited httpd.conf and changed
the DocumentRoot to /opt/rt4/share/html/ after that when I browsed to RT in
my web browser I got the RT “Almost there” incorrect configuration
page…so I’m assuming that either Apache isn’t picking up my
/etc/httpd/conf.d/rt.conf file configurations for some reason and/or the RT
site content in /opt/rt4/share/html/ is still not accessible by apache
somehow for some reason…if there is anyone running RT 4.2.12 that can
share their configuration files (httpd.conf &
/conf.d/yourRTspecificfile.conf) with me or knows what’s wrong here I’d be
extremely grateful!

Below are my permissions of /opt/rt4/share/html/ are these correct?

pwd && ls -la

/opt/rt4/share/html
total 108
drwxr-xr-x. 21 root bin 4096 Nov 23 20:46 .
drwxr-xr-x. 6 root root 4096 Nov 23 20:46 …
drwxr-xr-x. 11 root bin 4096 Nov 23 20:46 Admin
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Approvals
drwxr-xr-x. 4 root bin 4096 Nov 23 20:46 Articles
-rw-r–r–. 1 root bin 2201 Nov 23 20:46 autohandler
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Dashboards
-rw-r–r–. 1 root bin 2285 Nov 23 20:46 dhandler
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Download
drwxr-xr-x. 15 root bin 4096 Nov 23 20:46 Elements
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Errors
drwxr-xr-x. 4 root bin 4096 Nov 23 20:46 Helpers
-rw-r–r–. 1 root bin 6027 Nov 23 20:46 index.html
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Install
-rw-r–r–. 1 root bin 2231 Nov 23 20:46 l
-rw-r–r–. 1 root bin 2188 Nov 23 20:46 l_unsafe
drwxr-xr-x. 5 root bin 4096 Nov 23 20:46 m
drwxr-xr-x. 8 root bin 4096 Nov 23 20:46 NoAuth
drwxr-xr-x. 2 root bin 4096 Nov 23 20:46 Prefs
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 REST
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Search
drwxr-xr-x. 6 root bin 4096 Nov 23 20:46 SelfService
drwxr-xr-x. 5 root bin 4096 Nov 23 20:46 Ticket
drwxr-xr-x. 2 root bin 4096 Nov 23 20:46 Tools
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 User
drwxr-xr-x. 3 root bin 4096 Nov 23 20:46 Widgets

Thank you!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61021.html

26 
 ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

I’m SHOCKED that your Apache error log says nothing about that…

27

Thaks a lot Bill,

This answer helped me to install rt 4.2.12 on Centos 7 solving my perl
modules problems because they were installed on /root/perl5/

Regards,On Mon, Nov 23, 2015 at 4:06 PM, Bill Cole < rtusers-20090205@billmail.scconsult.com> wrote:

On 23 Nov 2015, at 11:02, dwdixon wrote:

I’m not an Apache/httpd configuration

expert especially when modules are involved so I would GREATLY appreciate
any and all help:

Can’t locate UNIVERSAL/require.pm in @INC (@INC contains:
/opt/rt4/sbin/…/local/lib /opt/rt4/sbin/…/lib /usr/local/lib64/perl5
/usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
/opt/rt4/sbin/…/lib/RT.pm line 60.
BEGIN failed–compilation aborted at /opt/rt4/sbin/…/lib/RT.pm line 60.
Compilation failed in require at /opt/rt4/sbin/rt-server.fcgi line 86.

As others have noted, using CPAN on CentOS 7 can be sketchy. It’s very
easy to be drawn into installing modules locally under /root/perl5/ where
normal Perl programs won’t ever see them or clobbering files owned by
yum-installed packages. Care is needed…

For the immediate issue, you can resolve the problem by enabling the EPEL
repository for yum (see Extra Packages for Enterprise Linux (EPEL) :: Fedora Docs) and
installing the needed module:

    yum install perl-UNIVERSAL-require

HOWEVER, since you have had stuff installed (presumably by CPAN and a
local::lib configuration) in a private place only for use by root with
suitable variables in the environment, you probably want to fix that[1] and
install everything possible for RT via yum, filling in whatever is missing
with CPAN NOT using a private module tree. I recently did this for a
RT4.4rc1 install on CentOS 7 by massaging the output of “make testdeps”
into a whopping huge yum command[2]:

    make testdeps  |fgrep MISSING |egrep -v ' (owner|group)

|>=5.10.'|awk ‘{print $1}’|sort -u |sed ‘s/::/-/g’|sed ‘s/^/perl-/’|
xargs -rt yum list|grep ‘^perl-’ |awk ‘{print $1}’ |xargs -rt yum install -y

Following that (go get a cup of coffee, it will be a while…) you MAY
still have unmet dependencies, since RT demands various modules and
versions of modules that the EPEL and “base” repos don’t have. Those can be
installed from CPAN (or ‘make fixdeps’) after “yum erase”-ing any too-old
versions that were installed with yum.

FOOTNOTES:

[1] Wipe the private tree for root:

            rm -rf /root/perl5/

Remove any lines from /root/.bashrc or /root/.bash_profile like these
which set up the relevant environment variables for local::lib :

            export

PERL_LOCAL_LIB_ROOT=“$PERL_LOCAL_LIB_ROOT:/root/perl5”;
export PERL_MB_OPT=“–install_base /root/perl5”;
export PERL_MM_OPT=“INSTALL_BASE=/root/perl5”;
export PERL5LIB=“/root/perl5/lib/perl5:$PERL5LIB”;
export PATH=“/root/perl5/bin:$PATH”;

[2] ARE YOU CRAZY? Don’t just run that because I said so! Be sure you
understand what it DOES! Test it by breaking the pipeline before that last
xargs and see if what it’s going to install seems sane FOR YOUR SYSTEM.

28

Hi Bill,

I am not seeing anything in my apache error log regarding the config line
you’ve highlighted here, I obtained all the contents of my
/etc/httpd/conf.d/rt.conf file from the RT documentation here
https://www.bestpractical.com/docs/rt/4.2/web_deployment.html#mod_fcgid
I must not be inferring what you’re hinting at perhaps?

It still seems as though apache/httpd is just not picking up my rt.conf file
in the conf.d directory since it seems it’s still trying to serve the
content from the default directory in the default httpd.conf
(/var/www/html/) any idea’s on what may be causing that? Thank you all for
your help and patience with this it is definitely very much appreciated.

rt.conf again for convenience:

### Optional apache logs for RT
# Ensure that your log rotation scripts know about these files
# ErrorLog /opt/rt4/var/log/apache2.error
# TransferLog /opt/rt4/var/log/apache2.access
# LogLevel debug

    AddDefaultCharset UTF-8

    ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

    DocumentRoot "/opt/rt4/share/html"
    <Location />

        Require all granted

        Options +ExecCGI
        AddHandler fcgid-script fcgi
    </Location>
</VirtualHost>

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61029.html

29

Hi Bill,

I am not seeing anything in my apache error log regarding the config
line
you’ve highlighted here, I obtained all the contents of my
/etc/httpd/conf.d/rt.conf file from the RT documentation here
https://www.bestpractical.com/docs/rt/4.2/web_deployment.html#mod_fcgid
I must not be inferring what you’re hinting at perhaps?

It still seems as though apache/httpd is just not picking up my
rt.conf file
in the conf.d directory since it seems it’s still trying to serve the
content from the default directory in the default httpd.conf
(/var/www/html/)

My mistake: I thought it was showing you /opt/rt4/share/html/index.html,
which would have indicated that your rt.conf was being read but the
ScriptAlias line not working. Anything that could cause that would
normally cause Apache to complain, either during its startup or when a
suitable URL was requested.

any idea’s on what may be causing that?

If you’re seeing /var/www/html/ as the document root, that implies
Apache isn’t recognizing the URL you’re giving it as mapping to the
virtual host you’ve defined in rt.conf.

Try running “httpd -S” (basically: a summary of Apache’s parsed
configuration) and see what it says about virtual hosts. My first guess
would be that you need a ServerName directive inside the VirtualHost
block in rt.conf, but it could be a missing Include directive in the
main httpd.conf, incomplete DNS setup, or probably other things I
haven’t thought of.

30

Hi Bill,

Thanks for getting back with me so quickly- I was sort of on the right track
based on what you’ve indicated but long story short I think you’re correct
and this info has helped me further…When I initially did a “httpd -S” I
got:

httpd -S

httpd: Could not reliably determine the server’s fully qualified domain
name, using 127.0.0.1 for ServerName
VirtualHost configuration:
192.168.1.97:80 rt-ir-sandbox.snip.snip.snip.edu
(/etc/httpd/conf.d/rt.conf:1)
Syntax OK

So I then played around with adding the ServerName directive in my rt.conf:

### Optional apache logs for RT # Ensure that your log rotation scripts know about these files # ErrorLog /opt/rt4/var/log/apache2.error # TransferLog /opt/rt4/var/log/apache2.access # LogLevel debug ServerName rt-ir-sandbox.snip.snip.snip.edu AddDefaultCharset UTF-8 
    ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

    DocumentRoot "/opt/rt4/share/html"
    <Location />

        Require all granted

        Options +ExecCGI
        AddHandler fcgid-script fcgi
    </Location>

Still got the same complaining output as above from “httpd -S” after adding
ServerName to rt.conf… so then I added my
rt-ir-sandbox.snip.snip.snip.edu as the ServerName in
/etc/httpd/conf/httpd.conf and when I ran “httpd -S” it stopped
complaining(shown below)…however, this did not change anything with how
apache is serving up content…it’s still trying to serve up contents from
/var/www/html/ as best as I can tell…so I’m still baffled. As far as I
know DNS should be setup sufficiently, my hostname is configured as
“rt-ir-sandbox” on the server and DNS is setup with a static IP address that
is mapped to rt-ir-sandbox.snip.snip.snip.edu and the DNS name seems to be
resolving to the proper IP address.

httpd -S
VirtualHost configuration:
192.168.1.97:80 rt-ir-sandbox.snip.snip.snip.edu
(/etc/httpd/conf.d/rt.conf:1)
Syntax OK

I’m not certain what seems to be the issue at this point…nor why when I
add the ServerName directive to my rt.conf inside it doesn’t
recognize it, and only does when I add it to /etc/httpd/conf/httpd.conf.
You also mentioned I could me missing an Include directive in httpd.conf,
any idea what that might be? This looks to be the Include directive that’s
located in httpd.conf by default that tells apache to pick up the .conf
files in conf.d but I’m pretty baffled at this point why apache still seems
to be trying to serve up things in /var/www/html/ when rt.conf tells it
otherwise…

From /etc/httpd/conf/httpd.conf

Load config files from the config directory “/etc/httpd/conf.d”.

Include conf.d/*.conf

Thanks much again in advance!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61031.html

31

Hi Bill,

Thanks for getting back with me so quickly- I was sort of on the right
track
based on what you’ve indicated but long story short I think you’re
correct
and this info has helped me further…When I initially did a “httpd
-S” I
got:

httpd -S

httpd: Could not reliably determine the server’s fully qualified
domain
name, using 127.0.0.1 for ServerName

That complaint is in the context of the default config that handles
requests Apache can’t determine as being for any virtual host. Not a
serious problem, since you don’t really want that config catching
anything, I assume…

VirtualHost configuration:
192.168.1.97:80 rt-ir-sandbox.snip.snip.snip.edu
(/etc/httpd/conf.d/rt.conf:1)
Syntax OK

So, Apache httpd is seeing the config file for the RT virtual host.
That’s good.

So I then played around with adding the ServerName directive in my
rt.conf:

### Optional apache logs for RT # Ensure that your log rotation scripts know about these files # ErrorLog /opt/rt4/var/log/apache2.error # TransferLog /opt/rt4/var/log/apache2.access # LogLevel debug ServerName rt-ir-sandbox.snip.snip.snip.edu AddDefaultCharset UTF-8 
 ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

 DocumentRoot "/opt/rt4/share/html"
 <Location />

     Require all granted

     Options +ExecCGI
     AddHandler fcgid-script fcgi
 </Location>
******************************************************************

Still got the same complaining output as above from “httpd -S” after
adding
ServerName to rt.conf…

At which point I have to ask what may seem like an insulting question
but really it isn’t meant as such:

Are you restarting Apache after every config change?

Because while “httpd -S” will parse your current config files and tell
you what Apache httpd would do if it was using those files, the live
httpd processes are always using whatever config was parsed and loaded
when their master process (assuming you’re using the pre-fork MPM) was
started.

so then I added my
rt-ir-sandbox.snip.snip.snip.edu as the ServerName in
/etc/httpd/conf/httpd.conf

Don’t do that. Or if you do, remove the VirtualHost “tags” around the
config for RT. You DO NOT want the default host config for Apache
handling requests for RT if you have RT configured inside a virtual host
section. If you tell the default config its name is
rt-ir-sandbox.snip.snip.snip.edu, it will handle requests for
rt-ir-sandbox.snip.snip.snip.edu.
[…]

I’m not certain what seems to be the issue at this point…nor why
when I
add the ServerName directive to my rt.conf inside it
doesn’t
recognize it, and only does when I add it to
/etc/httpd/conf/httpd.conf.
You also mentioned I could me missing an Include directive in
httpd.conf,
any idea what that might be?

Since httpd -S is picking up your rt.conf file, that Include directive
is correct.

The only other thing that comes to mind is the actual RT config in
/opt/rt4/RT_SiteConfig.pm. If you haven’t set WebDomain to
rt-ir-sandbox.snip.snip.snip.edu, RT might (not sure off the top of my
head…) redirect requests to use its default WebDomain, localhost", and
if you’re testing with a browser on the host itself that’ll still work
but hit the default config.

32

Got it, so I removed the ServerName from httpd.conf and set it back to the
default of nothing set for ServerName in httpd.conf. The error you said was
not serious was what triggered me to start messing with ServerName in
httpd.conf so I think that was my problem there. I left ServerName set to
rt-ir-sandbox.snip.snip.snip.edu and restarted httpd (no worries on the
question about restarting httpd after each config change, but, yes- I have
been restarting httpd after every config change).

Once I removed the ServerName from httpd.conf and left it only in rt.conf
I’m starting to see some strange(r) behavior, first when I restart httpd I’m
getting:

service httpd restart

Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server’s fully
qualified domain name, using 127.0.0.1 for ServerName
[ OK ]

On the same (local) server from a private/incognito browser window I’m now
getting the RT login page when I type in the fqdn
(rt-ir-sandbox.snip.snip.snip.edu) in the address bar!! WHOO HOO PROGRESS!

/The problem was that even after running “make fixperms” (which
apparently sets everything it touches to be owned by root:nobody) the apache
user was not in the nobody group so the apache user couldn’t access anything
it needed to!!..so after manually making the apache user a member of the
nobody group I magically got the RT login screen as I described
above!../

However…there is still some major strangeness/problems going on. When I
type localhost in a new incognito browser I get nothing…also when trying
to access the RT login page from a external resource to the server hosting
RT I’m also getting nothing ("No data received…ERR_EMPTY_RESPONSE)…which
is obviously a big problem.

So PROGRESS is good, at least I’m now getting the RT login page locally on
the server while using the fqdn in the local browser on the server…but
something is still very much off…also here is my redacted RT_SiteConfig.pm
… I’ve had the WebDomain set to rt-ir-sandbox.snip.snip.snip.edu
throughout this troubleshooting duration:

Set( $CommentAddress, ‘RT-IR-Test-Comment@snip.edu’ );
Set( $CorrespondAddress, ‘RT-IR-Test-Correspond@snip.edu’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $DatabasePassword, ‘REDACTED’ );
Set( $DatabasePort, ‘’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘rt_user’ );
Set( $Organization, ‘rt-ir-sandbox.snip.snip.snip.edu’ );
Set( $OwnerEmail, ‘RT-IR-Bounce@snip.edu’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘rt-ir-sandbox.snip.snip.snip.edu’ );
Set( $WebPort, ‘80’ );

Set( $WebBaseURL, ‘hxxp://rt-ir-sandbox.snip.snip.snip.edu’ );

Presently commented out
Set( $rtname, ‘rt-ir-sandbox.snip.snip.snip.edu’ );
1;

Thanks again in advance!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61057.html

33

Sorry clarification here"

“I left ServerName set to rt-ir-sandbox.snip.snip.snip.edu and restarted
httpd”

What I meant to say was:

“I left ServerName set to rt-ir-sandbox.snip.snip.snip.edu in my rt.conf
VirtualHost and restarted httpd”

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61058.html

34

Got it, so I removed the ServerName from httpd.conf and set it back to
the
default of nothing set for ServerName in httpd.conf. The error you
said was
not serious was what triggered me to start messing with ServerName in
httpd.conf so I think that was my problem there. I left ServerName
set to
rt-ir-sandbox.snip.snip.snip.edu and restarted httpd (no worries on
the
question about restarting httpd after each config change, but, yes- I
have
been restarting httpd after every config change).

Once I removed the ServerName from httpd.conf and left it only in
rt.conf
I’m starting to see some strange(r) behavior, first when I restart
httpd I’m
getting:

service httpd restart

Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server’s fully
qualified domain name, using 127.0.0.1 for ServerName
[ OK ]

That mostly-harmless (because you don’t want to use the default “main
server” of Apache for anything) error message probably is the result of
the primary non-loopback network interface having an IP address without
proper reverse resolution and/or a system hostname that doesn’t resolve
to any IP address on any interface on the host. Or crap DNS servers or
garbage in /etc/hosts or the obnoxious NetworkMangler “tool” (it’s a
tool alright…) deciding you didn’t mean what you put in a config file.

On the same (local) server from a private/incognito browser window I’m
now
getting the RT login page when I type in the fqdn
(rt-ir-sandbox.snip.snip.snip.edu) in the address bar!! WHOO HOO
PROGRESS!

/The problem was that even after running “make fixperms” (which
apparently sets everything it touches to be owned by root:nobody) the
apache
user was not in the nobody group so the apache user couldn’t access
anything
it needed to!!..so after manually making the apache user a member of
the
nobody group I magically got the RT login screen as I described
above!../

That’s… odd. The RT configure script should have figured out a better
ownership/permissions model and generated a Makefile that did the right
thing for you. There is some stuff in RT that’s 640 or 750, but if
fixperms did the wrong thing it was because configure couldn’t determine
the right owner and/or group, not because the apache user wasn’t in the
right group.

However…there is still some major strangeness/problems going on.
When I
type localhost in a new incognito browser I get nothing…

That’s slightly odd: I’d expect that to get you the default (httpd.conf)
document root.

I STRONGLY recommend a long read of the Apache docs. Particularly:

https://httpd.apache.org/docs/2.4/dns-caveats.html
https://httpd.apache.org/docs/2.4/vhosts/details.html
https://httpd.apache.org/docs/2.4/vhosts/name-based.html

also when trying
to access the RT login page from a external resource to the server
hosting
RT I’m also getting nothing ("No data
received…ERR_EMPTY_RESPONSE)…which
is obviously a big problem.

That sounds like it could be an iptables issue, except that I’d expect
an error complaining about the connection.

Apache’s logs should be helpful if you’re getting a connection and
making a request but then not getting anything back.

So PROGRESS is good, at least I’m now getting the RT login page
locally on
the server while using the fqdn in the local browser on the
server…but
something is still very much off…also here is my redacted
RT_SiteConfig.pm
… I’ve had the WebDomain set to rt-ir-sandbox.snip.snip.snip.edu
throughout this troubleshooting duration:

Set( $CommentAddress, ‘RT-IR-Test-Comment@snip.edu’ );
Set( $CorrespondAddress, ‘RT-IR-Test-Correspond@snip.edu’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $DatabasePassword, ‘REDACTED’ );
Set( $DatabasePort, ‘’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘rt_user’ );
Set( $Organization, ‘rt-ir-sandbox.snip.snip.snip.edu’ );
Set( $OwnerEmail, ‘RT-IR-Bounce@snip.edu’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘rt-ir-sandbox.snip.snip.snip.edu’ );
Set( $WebPort, ‘80’ );

Set( $WebBaseURL, ‘hxxp://rt-ir-sandbox.snip.snip.snip.edu’ );

Presently commented out
Set( $rtname, ‘rt-ir-sandbox.snip.snip.snip.edu’ );
1;

Seems reasonable, but I’d suggest 3 things:

  1. Set( $DatabaseHost, ‘’ );
    This causes RT to connect over the mysql local socket rather than
    TCP to localhost:3306, which means slightly better performance and one
    more network listener you can kill (unless you need that mysqld for
    other things that aren’t local or are too dumb to use sockets)

  2. Remove any mention of WebBaseURL. Unless you have RT behind a proxy
    or have Apache doing HTTPS on a port other than 443, the code in
    RT_Config.pm will build the correct value for you.

  3. Set( $WebPort, ‘443’ );
    Yes, that also means you will need to set up HTTPS in Apache.
    However, if your RT is serving anything other than you on the same host
    (don’t laugh, I’ve seen that) you’re going to want it only every using
    TLS. Even more true if you have it on a campus network of a major public
    university known to operate intensive network sniffing and scanning
    projects as research.

35

Bill Cole-8 wrote

That’s… odd. The RT configure script should have figured out a better
ownership/permissions model and generated a Makefile that did the right
thing for you. There is some stuff in RT that’s 640 or 750, but if
fixperms did the wrong thing it was because configure couldn’t determine
the right owner and/or group, not because the apache user wasn’t in the
right group.

REPLY:
I flubbed up from the begining and just discovered what my first mistake
was (fixable mistake but very annoying)…when I ran ./configure I should
have passed it as such being that I’m installing on RHEL/CentOS…anyone
installing on RHEL/CentOS take note this could save you a lot of time if
you configure this way from the get go I believe:
/
./configure --with-web-user=apache --with-web-group=apache
/

Since the default on RHEL/CentOS is to use the apache:apache user and
group and not www/www-data/nobody as far as I know and with other
distributions.

That’s slightly odd: I’d expect that to get you the default (httpd.conf)
document root.

I STRONGLY recommend a long read of the Apache docs. Particularly:

Issues Regarding DNS and Apache HTTP Server - Apache HTTP Server Version 2.4
An In-Depth Discussion of Virtual Host Matching - Apache HTTP Server Version 2.4
Name-based Virtual Host Support - Apache HTTP Server Version 2.4

REPLY:

Duly noted…The first link helped me immensely! Thank you! I changed my
VirtualHost to use my server’s IP address rather than the FQDN
<VirtualHost 192.168.1.100:80>
… instead of…

That seemed to do the trick and stop the majority of the strangeness I was
experiencing. The rest was permissions issues due to my first mistake
above from what I can tell.

After I installed & enabled the RT-IR addon for RT I had to fix the
permissions here also due to my first mistake as well:

From /opt/rt4/var/mason_data/ … chown -R apache:apache *

This got RT-IR working.

That sounds like it could be an iptables issue, except that I’d expect
an error complaining about the connection.

Apache’s logs should be helpful if you’re getting a connection and
making a request but then not getting anything back.

REPLY:

Again you’re on point sir. I suspected this may be iptables as well but
was slightly caught off guard as my defauly policy for the INPUT & FORWARD
chains were ACCEPT…I did not notice the default DENY rule at the bottom
of the INPUT chain that FILTERS traffic that doesn’t match rules above
it…I re-hashed my iptables rulebase with default DENY for INPUT &
FORWARD and provisioned proper rules above to allow operations of
RT/RT-IR.

Seems reasonable, but I’d suggest 3 things:

  1. Set( $DatabaseHost, ‘’ );
    This causes RT to connect over the mysql local socket rather than
    TCP to localhost:3306, which means slightly better performance and one
    more network listener you can kill (unless you need that mysqld for
    other things that aren’t local or are too dumb to use sockets)

  2. Remove any mention of WebBaseURL. Unless you have RT behind a proxy
    or have Apache doing HTTPS on a port other than 443, the code in
    RT_Config.pm will build the correct value for you.

  3. Set( $WebPort, ‘443’ );
    Yes, that also means you will need to set up HTTPS in Apache.
    However, if your RT is serving anything other than you on the same host
    (don’t laugh, I’ve seen that) you’re going to want it only every using
    TLS. Even more true if you have it on a campus network of a major public
    university known to operate intensive network sniffing and scanning
    projects as research.

REPLY:

Great stuff. I def. implemented item #1 here as this is a better way to
go for my sandbox and for my dev RT/RT-IR servers.

Item #2 I also went ahead and did as recommend as that makes sense.

Item #3 That is the plan once I get to the part where I am building my
production server…I will be setting up apache to use our SSO
implementation here that requires SSL/TLS at our super scanning major
university (I’ve nothing to do with that research other than dealing with
some of its fallout on occasion so trust me I totally understand what you
mean.)

From what I’ve read thus far setting up https/TLS may be a challenge with
RT/RT-IR especially with getting rt-mailgate/e-mail ticket creation
working which is in scope for us so these two things will be my next
challenge…and I’m sure you’ll see posts from me here about in the very
near future : )

On that note…this is the best resource i’ve found on setting up
rt-mailgate/e-mail ticketing…is there something better out there or an
example config/tutorial I do not know about yet?

http://requesttracker.wikia.com/wiki/ManualEmailConfig

Thank you very much for all your help!!!

-Drew

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61071.html

36

Quotes are fixed now if you follow the “View this message in context:” URL in
the previous email from this thread…

View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61072.html