[rt-users] Apache installation problems

Dave Sill de5-list-rt-users at sws5.ornl.gov
Tue Aug 30 13:47:16 EDT 2005


I'm trying to install 3.4.3 following the guide at:

  http://wiki.bestpractical.com/index.cgi?RHEL4InstallGuide

One hitch is that we only allow port 443 access to this machine. So I
added this to /etc/httpd/conf.d/ssl.conf:

NameVirtualHost *:443
<VirtualHost *:443>
  ServerAdmin root
  ServerName rt.ornl.gov:443
  DocumentRoot /opt/rt3/share/html/
  AddDefaultCharset UTF-8
  # Adding the following for RT (the ticket tracker)
  AddHandler fastcgi-script fcgi
  <Directory "/opt/rt3/share/html">
    Options FollowSymLinks ExecCGI
    AllowOverride None
  </Directory>
  # Pass through requests for NoAuth
  Alias /NoAuth/ /opt/rt3/share/html/NoAuth/
  ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi/
  ErrorLog logs/error_log
  CustomLog logs/access_log combined
  LogLevel warn
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} ^TRACE
  RewriteRule .* - [F]
</VirtualHost>
#FastCgiIpcDir /tmp
FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120 -processes 4

I had to comment out the FastCgiIpcDir line because I was getting the
error:

Starting httpd: Syntax error on line 285 of /etc/httpd/conf.d/ssl.conf:
FastCgiIpcDir /tmp: can't create dynamic directory "/tmp/dynamic": access for server (uid -1, gid -1) failed: read not allowed

With the above config, when I try to go to https://rt.ornl.gov/rt/ I
get "Forbidden" and the error log says:

[Tue Aug 30 13:40:12 2005] [error] [client 160.91.218.105] client denied by server configuration: /opt/rt3/bin/mason_handler.fcgi

Which makes sense since I don't see anything in the Apache config that
grants access to /opt/rt3/bin.

Finally, even though the installation doc says to disable SELINUX,
I've left it permissive since it shouldn't break anything.

Any ideas what I'm doing wrong?

-Dave
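
The observation in the message above, that no section of the quoted config covers /opt/rt3/bin, can be checked mechanically. The following is an added example, not part of the original post or of RT: a small audit that lists Alias/ScriptAlias targets with no enclosing <Directory> section in the same file and reports weak tokens left enabled in SSLCipherSuite. The names `audit`, `WEAK` and `SAMPLE` are hypothetical, the sample is constructed from the directives quoted in the post, and the check does not see sections defined in other config files.

```python
import re

# Constructed sample: the relevant directives from the vhost quoted in the post.
SAMPLE = '''
<VirtualHost *:443>
  DocumentRoot /opt/rt3/share/html/
  <Directory "/opt/rt3/share/html">
    Options FollowSymLinks ExecCGI
    AllowOverride None
  </Directory>
  Alias /NoAuth/ /opt/rt3/share/html/NoAuth/
  ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi/
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
'''

WEAK = ("SSLv2", "EXP", "LOW", "RC4")  # assumption: this checker's weak-token list


def audit(conf):
    """Return (alias targets with no <Directory> in conf, weak cipher tokens)."""
    lines = [l.strip() for l in conf.splitlines()
             if l.strip() and not l.strip().startswith("#")]
    dirs, targets, weak = [], [], []
    for line in lines:
        m = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            dirs.append(m.group(1).rstrip("/"))
            continue
        parts = line.split()
        key = parts[0].lower()
        if key in ("alias", "scriptalias") and len(parts) == 3:
            targets.append(parts[2].rstrip("/"))
        elif key == "sslciphersuite" and len(parts) == 2:
            for tok in parts[1].split(":"):
                # '!' and '-' remove ciphers; a bare or '+' token leaves them enabled
                if tok[:1] in "!-":
                    continue
                names = tok.lstrip("+").split("+")
                weak += [tok for n in names if n.startswith(WEAK)]
    uncovered = [t for t in targets
                 if not any(t == d or t.startswith(d + "/") for d in dirs)]
    return uncovered, weak
```

Calling `audit(SAMPLE)` reports the mason_handler.fcgi path as uncovered and four cipher tokens as weak; `ALL` itself is not flagged even though it is what pulls those ciphers in.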