Well now. What a total waste of 4 hours so far :( It's
a shame this is what web app deployment is in 2012 still.
I remember this same old sort of crap from a decade ago.
If anyone has any ideas, please share.
I'm choosing FastCGI so that I can use my own Perl build,
and not Red Hat's built into mod_perl.
I've read docs/web_deployment.pod. It includes an Apache
snippet, doesn't mention suexec configuration like the wiki
does, doesn't mention the suexec DocumentRoot restriction,
etc... Not a very useful document here so far.
Here's rt-server.fcgi below, copied into the spot where Red Hat's
"suexec" *must* find it located (under the compiled-in
DocumentRoot). As you can see, it is owned by the
suexec-destination user and group so suexec is happy:
[root@rtdev1 httpd]#
[root@rtdev1 ~]# cd /var/www
[root@rtdev1 www]# ls -ld .
drwxr-xr-x 7 root root 4096 Feb 21 20:05 ./
[root@rtdev1 www]# ls -ld fcgi/
dr-xr-xr-x 2 rt rt 4096 Feb 21 20:12 fcgi//
[root@rtdev1 www]# ls -ld fcgi/rt-server.fcgi
-r-xr-xr-x 1 rt rt 8043 Feb 21 20:12 fcgi/rt-server.fcgi*
[root@rtdev1 www]#
LoadModule fastcgi_module modules/mod_fastcgi.so
FastCgiWrapper /usr/sbin/suexec
FastCgiServer /var/www/fcgi/rt-server.fcgi -processes 5 -idle-timeout
300 -user rt -group rt
<VirtualHost 1xx.xx.xx.xx:443>
DocumentRoot /apps/rt4/share/html
AddDefaultCharset UTF-8
Alias /NoAuth/images/ /apps/rt4/share/html/NoAuth/images/
ScriptAlias / /var/www/fcgi/rt-server.fcgi/
SuexecUserGroup rt rt
<Location />
Options +ExecCGI
AddHandler fastcgi-script fcgi
Order allow,deny
Allow from all
</Location>
</VirtualHost>
suexec.log states everything is fine:
[2012-02-21 20:29:03]: uid: (rt/rt) gid: (rt/rt) cmd: rt-server.fcgi
Apache reports this:
[Tue Feb 21 20:33:40 2012] [warn] FastCGI: server
"/var/www/fcgi/rt-server.fcgi" has failed to remain running for 30
seconds given 3 attempts, its restart interval has been backed off to
600 seconds
And the browser just spins for a LONG time, then finally
throws a 500 Internal Server Error.
Testing shows this:
[root@rtdev1 httpd]# sudo -u apache /var/www/fcgi/rt-server.fcgi --port 9999
WARNING: RT couldn't start up a web server on port 9999.
This is often the case if the port is already in use or you're running
/var/www/fcgi/rt-server.fcgi
as someone other than your system's "root" user. You may also specify a
temporary port with: /var/www/fcgi/rt-server.fcgi --port <port>
Please check your system configuration or choose another port
I get the same exact error if I run rt-server.fcgi as root,
so it's not a permissions problem.
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 & 6, 2012
