diff options
author | travis%sedsystems.ca <> | 2008-04-04 13:47:20 +0200 |
---|---|---|
committer | travis%sedsystems.ca <> | 2008-04-04 13:47:20 +0200 |
commit | 21bc2feb67ab501b9b1abddf207c18fdba00eec0 (patch) | |
tree | 008b53c1d1a3c4b537a5973fd2769874e7d189c5 | |
parent | 529a67313e472eb6705c9b76286b7552bab21c74 (diff) | |
download | bugzilla-21bc2feb67ab501b9b1abddf207c18fdba00eec0.tar.gz bugzilla-21bc2feb67ab501b9b1abddf207c18fdba00eec0.tar.xz |
Bug 233592 : Apache config section: missing info, extraneous info, generally confusing.
Patch by Shane H. W. Travis <travis@sedsystems.ca> r=colin.ogilvie
-rw-r--r-- | docs/en/xml/installation.xml | 140 |
1 files changed, 98 insertions, 42 deletions
diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index a7de5d674..af9852b62 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1,5 +1,5 @@ <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> --> -<!-- $Id: installation.xml,v 1.89 2008/04/04 06:47:19 travis%sedsystems.ca Exp $ --> +<!-- $Id: installation.xml,v 1.90 2008/04/04 06:47:20 travis%sedsystems.ca Exp $ --> <chapter id="installing-bugzilla"> <title>Installing Bugzilla</title> @@ -744,52 +744,108 @@ <section id="http"> <title>Web server</title> - <para>Configure your web server according to the instructions in the - appropriate section. The Bugzilla Team recommends Apache. No matter - what webserver you choose, make sure that sensitive information is - not remotely available by ensuring that the access controls in - <xref linkend="security-webserver-access"/> are properly applied. + <para> + Configure your web server according to the instructions in the + appropriate section. (If it makes a difference in your choice, + the Bugzilla Team recommends Apache.) Regardless of which webserver + you are using, however, ensure that sensitive information is + not remotely available by properly applying the access controls in + <xref linkend="security-webserver-access"/>. </para> <section id="http-apache"> <title>Apache <productname>httpd</productname></title> + + <para> + To configure your Apache web server to work with Bugzilla, + do the following: + </para> - <para>Load <filename>httpd.conf</filename> in your editor.</para> - - <para>Uncomment (or add) the following line. - This configures Apache to run .cgi files outside the - <filename class="directory">cgi-bin</filename> directory. - </para> - - <programlisting> AddHandler cgi-script .cgi</programlisting> - - <para>Apache uses <computeroutput><Directory></computeroutput> - directives to permit fine-grained permission setting. - Add the following two lines to a - <computeroutput><Directory></computeroutput> directive that - applies either to the Bugzilla directory or one of its parents - (e.g. the <computeroutput><Directory /var/www/html></computeroutput> - directive). - This allows Bugzilla's <filename>.htaccess</filename> files to - override global permissions, and allows .cgi files to run in the - Bugzilla directory. - </para> - - <programlisting> Options +ExecCGI +FollowSymLinks - AllowOverride Limit</programlisting> - - <para>Add <filename>index.cgi</filename> to the end - of the <computeroutput>DirectoryIndex</computeroutput> - line.</para> - - <para><filename>checksetup.pl</filename> can set tighter permissions - on Bugzilla's files and directories if it knows what group the - webserver runs as. Look for the <computeroutput>Group</computeroutput> - line in <filename>httpd.conf</filename>, and place that value in - the <replaceable>$webservergroup</replaceable> variable in - <filename>localconfig</filename>. Then rerun - <filename>checksetup.pl</filename>. - </para> + <procedure> + <step> + <para> + Load <filename>httpd.conf</filename> in your editor. + In Fedora and Red Hat Linux, this file is found in + <filename class="directory">/etc/httpd/conf</filename>. + </para> + </step> + + <step> + <para> + Apache uses <computeroutput><Directory></computeroutput> + directives to permit fine-grained permission setting. Add the + following lines to a directive that applies to the location + of your Bugzilla installation. (If such a section does not + exist, you'll want to add one.) In this example, Bugzilla has + been installed at + <filename class="directory">/var/www/html/bugzilla</filename>. + </para> + + <programlisting> +<Directory /var/www/html/bugzilla> + AddHandler cgi-script .cgi + Options +Indexes +ExecCGI + DirectoryIndex index.cgi + AllowOverride Limit +</Directory> + </programlisting> + + <para> + These instructions: allow apache to run .cgi files found + within the bugzilla directory; instructs the server to look + for a file called <filename>index.cgi</filename> if someone + only types the directory name into the browser; and allows + Bugzilla's <filename>.htaccess</filename> files to override + global permissions. + </para> + + <note> + <para> + It is possible to make these changes globally, or to the + directive controlling Bugzilla's parent directory (e.g. + <computeroutput><Directory /var/www/html/></computeroutput>). + Such changes would also apply to the Bugzilla directory... + but they would also apply to many other places where they + may or may not be appropriate. In most cases, including + this one, it is better to be as restrictive as possible + when granting extra access. + </para> + </note> + </step> + + <step> + <para> + <filename>checksetup.pl</filename> can set tighter permissions + on Bugzilla's files and directories if it knows what group the + webserver runs as. Find the <computeroutput>Group</computeroutput> + line in <filename>httpd.conf</filename>, place the value found + there in the <replaceable>$webservergroup</replaceable> variable + in <filename>localconfig</filename>, then rerun + <filename>checksetup.pl</filename>. + </para> + </step> + + <step> + <para> + Optional: If Bugzilla does not actually reside in the webspace + directory, but instead has been symbolically linked there, you + will need to add the following to the + <computeroutput>Options</computeroutput> line of the Bugzilla + <computeroutput><Directory></computeroutput> directive + (the same one as in the step above): + </para> + + <programlisting> + +FollowSymLinks + </programlisting> + + <para> + Without this directive, Apache will not follow symbolic links + to places outside its own directory structure, and you will be + unable to run Bugzilla. + </para> + </step> + </procedure> </section> <section id="http-iis"> |