[rt-users] 4.0.5 FastCGI nightmare

Jeff Blaine jblaine at kickflop.net
Tue Feb 21 20:49:23 EST 2012 

Well now.  What a total waste of 4 hours so far :(  It's
a shame this is what web app deployment is in 2012 still.
I remember this same old sort of crap from a decade ago.

If anyone has any ideas, please share.

I'm choosing FastCGI so that I can use my own Perl build,
and not Red Hat's built into mod_perl.

I've read docs/web_deployment.pod.  It includes an Apache
snippet, doesn't mention suexec configuration like the wiki
does, doesn't mention the suexec DocumentRoot restriction,
etc...  Not a very useful document here so far.

Here's rt-server.fcgi below, copied into the spot where Red Hat's
"suexec" *must* find it located (under the compiled-in
DocumentRoot).  As you can see, it is owned by the
suexec-destination user and group so suexec is happy:

[root at rtdev1 httpd]#
[root at rtdev1 ~]# cd /var/www
[root at rtdev1 www]# ls -ld .
drwxr-xr-x 7 root root 4096 Feb 21 20:05 ./
[root at rtdev1 www]# ls -ld fcgi/
dr-xr-xr-x 2 rt rt 4096 Feb 21 20:12 fcgi//
[root at rtdev1 www]# ls -ld fcgi/rt-server.fcgi
-r-xr-xr-x 1 rt rt 8043 Feb 21 20:12 fcgi/rt-server.fcgi*
[root at rtdev1 www]#

LoadModule fastcgi_module modules/mod_fastcgi.so
FastCgiWrapper /usr/sbin/suexec
FastCgiServer /var/www/fcgi/rt-server.fcgi -processes 5 -idle-timeout 
300 -user rt -group rt
<VirtualHost 1xx.xx.xx.xx:443>
     DocumentRoot /apps/rt4/share/html
     AddDefaultCharset UTF-8

     Alias /NoAuth/images/ /apps/rt4/share/html/NoAuth/images/
     ScriptAlias / /var/www/fcgi/rt-server.fcgi/
     SuexecUserGroup rt rt
     <Location />
         Options +ExecCGI
         AddHandler fastcgi-script fcgi
         Order allow,deny
         Allow from all
     </Location>
</VirtualHost>

suexec.log states everything is fine:

[2012-02-21 20:29:03]: uid: (rt/rt) gid: (rt/rt) cmd: rt-server.fcgi

Apache reports this:

[Tue Feb 21 20:33:40 2012] [warn] FastCGI: server 
"/var/www/fcgi/rt-server.fcgi" has failed to remain running for 30 
seconds given 3 attempts, its restart interval has been backed off to 
600 seconds

And the browser just spins for a LONG time, then finally
throws a 500 Internal Server Error.

Testing shows this:

[root at rtdev1 httpd]# sudo -u apache /var/www/fcgi/rt-server.fcgi --port 9999
WARNING: RT couldn't start up a web server on port 9999.
This is often the case if the port is already in use or you're running 
/var/www/fcgi/rt-server.fcgi
as someone other than your system's "root" user.  You may also specify a
temporary port with: /var/www/fcgi/rt-server.fcgi --port <port>
Please check your system configuration or choose another port

I get the same exact error if I run rt-server.fcgi as root,
so it's not a permissions problem.

More information about the rt-users mailing list