On 2 Dec 2015, at 12:45, dwdixon wrote:
Got it, so I removed the ServerName from httpd.conf and set it back to
the
default of nothing set for ServerName in httpd.conf. The error you
said was
not serious was what triggered me to start messing with ServerName in
httpd.conf so I think that was my problem there. I left ServerName
set to
rt-ir-sandbox.snip.snip.snip.edu and restarted httpd (no worries on
the
question about restarting httpd after each config change, but, yes- I
have
been restarting httpd after every config change).
Once I removed the ServerName from httpd.conf and left it only in
rt.conf
I'm starting to see some strange(r) behavior, first when I restart
httpd I'm
getting:
**********************************************************
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully
qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
**********************************************************
That mostly-harmless (because you don't want to use the default "main
server" of Apache for anything) error message probably is the result of
the primary non-loopback network interface having an IP address without
proper reverse resolution and/or a system hostname that doesn't resolve
to any IP address on any interface on the host. Or crap DNS servers or
garbage in /etc/hosts or the obnoxious NetworkMangler "tool" (it's a
tool alright...) deciding you didn't mean what you put in a config file.
On the same (local) server from a private/incognito browser window I'm
now
getting the RT login page when I type in the fqdn
(rt-ir-sandbox.snip.snip.snip.edu) in the address bar!! WHOO HOO
PROGRESS!
*/****The problem was that even after running "make fixperms" (which
apparently sets everything it touches to be owned by root:nobody) the
apache
user was not in the nobody group so the apache user couldn't access
anything
it needed to!!...so after manually making the apache user a member of
the
nobody group I magically got the RT login screen as I described
above!...****/*
That's.... odd. The RT configure script should have figured out a better
ownership/permissions model and generated a Makefile that did the right
thing for you. There is some stuff in RT that's 640 or 750, but if
fixperms did the wrong thing it was because configure couldn't determine
the right owner and/or group, not because the apache user wasn't in the
right group.
However...there is still some major strangeness/problems going on.
When I
type localhost in a new incognito browser I get nothing....
That's slightly odd: I'd expect that to get you the default (httpd.conf)
document root.
I STRONGLY recommend a long read of the Apache docs. Particularly:
https://httpd.apache.org/docs/2.4/dns-caveats.html
https://httpd.apache.org/docs/2.4/vhosts/details.html
https://httpd.apache.org/docs/2.4/vhosts/name-based.html
also when trying
to access the RT login page from a external resource to the server
hosting
RT I'm also getting nothing ("No data
received...ERR_EMPTY_RESPONSE)...which
is obviously a big problem.
That sounds like it could be an iptables issue, except that I'd expect
an error complaining about the connection.
Apache's logs should be helpful if you're getting a connection and
making a request but then not getting anything back.
So PROGRESS is good, at least I'm now getting the RT login page
locally on
the server while using the fqdn in the local browser on the
server...but
something is still very much off...also here is my redacted
RT_SiteConfig.pm
... I've had the WebDomain set to rt-ir-sandbox.snip.snip.snip.edu
throughout this troubleshooting duration:
*************************************************************************
Set( $CommentAddress, 'rt-ir-test-comm...@snip.edu' );
Set( $CorrespondAddress, 'rt-ir-test-corresp...@snip.edu' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'REDACTED' );
Set( $DatabasePort, '' );
Set( $DatabaseType, 'mysql' );
Set( $DatabaseUser, 'rt_user' );
Set( $Organization, 'rt-ir-sandbox.snip.snip.snip.edu' );
Set( $OwnerEmail, 'rt-ir-bou...@snip.edu' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'rt-ir-sandbox.snip.snip.snip.edu' );
Set( $WebPort, '80' );
# Set( $WebBaseURL, 'hxxp://rt-ir-sandbox.snip.snip.snip.edu' ); #
Presently commented out
Set( $rtname, 'rt-ir-sandbox.snip.snip.snip.edu' );
1;
******************************************************************************
Seems reasonable, but I'd suggest 3 things:
1. Set( $DatabaseHost, '' );
This causes RT to connect over the mysql local socket rather than
TCP to localhost:3306, which means slightly better performance and one
more network listener you can kill (unless you need that mysqld for
other things that aren't local or are too dumb to use sockets)
2. Remove any mention of WebBaseURL. Unless you have RT behind a proxy
or have Apache doing HTTPS on a port other than 443, the code in
RT_Config.pm will build the correct value for you.
3. Set( $WebPort, '443' );
Yes, that also means you will need to set up HTTPS in Apache.
However, if your RT is serving anything other than you on the same host
(don't laugh, I've seen that) you're going to want it only every using
TLS. Even more true if you have it on a campus network of a major public
university known to operate intensive network sniffing and scanning
projects as research.
