diff options
author | gerv%gerv.net <> | 2002-07-28 07:00:17 +0200 |
---|---|---|
committer | gerv%gerv.net <> | 2002-07-28 07:00:17 +0200 |
commit | d8caf6045d10344c431918128e3803ca497565f3 (patch) | |
tree | 1b2fbc50e442b6413a4ef0949e8ff7eed1df1361 /docs/html/extraconfig.html | |
parent | a9bb18746686c1bf5497e27f7ac2e12d0e3fc31a (diff) | |
download | bugzilla-d8caf6045d10344c431918128e3803ca497565f3.tar.gz bugzilla-d8caf6045d10344c431918128e3803ca497565f3.tar.xz |
Merging new docs from 2.16 branch.
Diffstat (limited to 'docs/html/extraconfig.html')
-rw-r--r-- | docs/html/extraconfig.html | 726 |
1 files changed, 726 insertions, 0 deletions
diff --git a/docs/html/extraconfig.html b/docs/html/extraconfig.html new file mode 100644 index 000000000..fb8ceb445 --- /dev/null +++ b/docs/html/extraconfig.html @@ -0,0 +1,726 @@ +<HTML +><HEAD +><TITLE +>Optional Additional Configuration</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"><LINK +REL="HOME" +TITLE="The Bugzilla Guide" +HREF="index.html"><LINK +REL="UP" +TITLE="Installation" +HREF="installation.html"><LINK +REL="PREVIOUS" +TITLE="Step-by-step Install" +HREF="stepbystep.html"><LINK +REL="NEXT" +TITLE="Win32 Installation Notes" +HREF="win32.html"></HEAD +><BODY +CLASS="section" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>The Bugzilla Guide</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="stepbystep.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +>Chapter 4. Installation</TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="win32.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="section" +><H1 +CLASS="section" +><A +NAME="extraconfig">4.2. Optional Additional Configuration</H1 +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="AEN845">4.2.1. Dependency Charts</H2 +><P +>As well as the text-based dependency graphs, Bugzilla also + supports dependency graphing, using a package called 'dot'. + Exactly how this works is controlled by the 'webdotbase' parameter, + which can have one of three values: + </P +><P +> <P +></P +><OL +TYPE="1" +><LI +><P +> A complete file path to the command 'dot' (part of + <A +HREF="http://www.graphviz.org/" +TARGET="_top" +>GraphViz</A +>) + will generate the graphs locally + </P +></LI +><LI +><P +> A URL prefix pointing to an installation of the webdot package will + generate the graphs remotely + </P +></LI +><LI +><P +> A blank value will disable dependency graphing. + </P +></LI +></OL +> + </P +><P +>So, to get this working, install + <A +HREF="http://www.graphviz.org/" +TARGET="_top" +>GraphViz</A +>. If you + do that, you need to + <A +HREF="http://httpd.apache.org/docs/mod/mod_imap.html" +TARGET="_top" +>enable + server-side image maps</A +> in Apache. + Alternatively, you could set up a webdot server, or use the AT&T + public webdot server (the + default for the webdotbase param). Note that AT&T's server won't work + if Bugzilla is only accessible using HTTPS. + </P +></DIV +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="AEN860">4.2.2. Bug Graphs</H2 +><P +>As long as you installed the GD and Graph::Base Perl modules you + might as well turn on the nifty Bugzilla bug reporting graphs.</P +><P +>Add a cron entry like this to run + <TT +CLASS="filename" +>collectstats.pl</TT +> + daily at 5 after midnight: + <P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +> <TT +CLASS="computeroutput" +> <TT +CLASS="prompt" +>bash#</TT +> + + <B +CLASS="command" +>crontab -e</B +> + </TT +> + </TD +></TR +><TR +><TD +> <TT +CLASS="computeroutput" +>5 0 * * * cd <your-bugzilla-directory> ; + ./collectstats.pl</TT +> + </TD +></TR +></TBODY +></TABLE +><P +></P +> + </P +><P +>After two days have passed you'll be able to view bug graphs from + the Bug Reports page.</P +></DIV +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="AEN873">4.2.3. The Whining Cron</H2 +><P +>By now you have a fully functional Bugzilla, but what good are + bugs if they're not annoying? To help make those bugs more annoying you + can set up Bugzilla's automatic whining system to complain at engineers + which leave their bugs in the NEW state without triaging them. + </P +><P +> This can be done by + adding the following command as a daily crontab entry (for help on that + see that crontab man page): + <P +></P +><TABLE +BORDER="0" +><TBODY +><TR +><TD +> <TT +CLASS="computeroutput" +> <B +CLASS="command" +>cd <your-bugzilla-directory> ; + ./whineatnews.pl</B +> + </TT +> + </TD +></TR +></TBODY +></TABLE +><P +></P +> + </P +><DIV +CLASS="tip" +><P +></P +><TABLE +CLASS="tip" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="../images/tip.gif" +HSPACE="5" +ALT="Tip"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>Depending on your system, crontab may have several manpages. + The following command should lead you to the most useful page for + this purpose: + <TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD +><FONT +COLOR="#000000" +><PRE +CLASS="programlisting" +>man 5 crontab</PRE +></FONT +></TD +></TR +></TABLE +> + </P +></TD +></TR +></TABLE +></DIV +></DIV +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="bzldap">4.2.4. LDAP Authentication</H2 +><P +> <DIV +CLASS="warning" +><P +></P +><TABLE +CLASS="warning" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="../images/warning.gif" +HSPACE="5" +ALT="Warning"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>This information on using the LDAP + authentication options with Bugzilla is old, and the authors do + not know of anyone who has tested it. Approach with caution. + </P +></TD +></TR +></TABLE +></DIV +> + </P +><P +> The existing authentication + scheme for Bugzilla uses email addresses as the primary user ID, and a + password to authenticate that user. All places within Bugzilla where + you need to deal with user ID (e.g assigning a bug) use the email + address. The LDAP authentication builds on top of this scheme, rather + than replacing it. The initial log in is done with a username and + password for the LDAP directory. This then fetches the email address + from LDAP and authenticates seamlessly in the standard Bugzilla + authentication scheme using this email address. If an account for this + address already exists in your Bugzilla system, it will log in to that + account. If no account for that email address exists, one is created at + the time of login. (In this case, Bugzilla will attempt to use the + "displayName" or "cn" attribute to determine the user's full name.) + After authentication, all other user-related tasks are still handled by + email address, not LDAP username. You still assign bugs by email + address, query on users by email address, etc. + </P +><P +>Using LDAP for Bugzilla authentication requires the + Mozilla::LDAP (aka PerLDAP) Perl module. The + Mozilla::LDAP module in turn requires Netscape's Directory SDK for C. + After you have installed the SDK, then install the PerLDAP module. + Mozilla::LDAP and the Directory SDK for C are both + <A +HREF="http://www.mozilla.org/directory/" +TARGET="_top" +>available for + download</A +> from mozilla.org. + </P +><P +> Set the Param 'useLDAP' to "On" **only** if you will be using an LDAP + directory for + authentication. Be very careful when setting up this parameter; if you + set LDAP authentication, but do not have a valid LDAP directory set up, + you will not be able to log back in to Bugzilla once you log out. (If + this happens, you can get back in by manually editing the data/params + file, and setting useLDAP back to 0.) + </P +><P +>If using LDAP, you must set the + three additional parameters: Set LDAPserver to the name (and optionally + port) of your LDAP server. If no port is specified, it defaults to the + default port of 389. (e.g "ldap.mycompany.com" or + "ldap.mycompany.com:1234") Set LDAPBaseDN to the base DN for searching + for users in your LDAP directory. (e.g. "ou=People,o=MyCompany") uids + must be unique under the DN specified here. Set LDAPmailattribute to + the name of the attribute in your LDAP directory which contains the + primary email address. On most directory servers available, this is + "mail", but you may need to change this. + </P +></DIV +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="content-type">4.2.5. Preventing untrusted Bugzilla content from executing malicious + Javascript code</H2 +><P +>It is possible for a Bugzilla to execute malicious Javascript + code. Due to internationalization concerns, we are unable to + incorporate the code changes necessary to fulfill the CERT advisory + requirements mentioned in + <A +HREF="http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3" +TARGET="_top" +> http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3</A +>. + Executing the following code snippet from a UNIX command shell will + rectify the problem if your Bugzilla installation is intended for an + English-speaking audience. As always, be sure your Bugzilla + installation has a good backup before making changes, and I recommend + you understand what the script is doing before executing it.</P +><P +> <TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD +><FONT +COLOR="#000000" +><PRE +CLASS="programlisting" +>bash# perl -pi -e "s/Content-Type\: text\/html/Content-Type\: text\/html\; charset=ISO-8859-1/i" *.cgi *.pl + </PRE +></FONT +></TD +></TR +></TABLE +> + </P +><P +>All this one-liner command does is search for all instances of + <SPAN +CLASS="QUOTE" +>"Content-type: text/html"</SPAN +> + + and replaces it with + <SPAN +CLASS="QUOTE" +>"Content-Type: text/html; charset=ISO-8859-1"</SPAN +> + + . This specification prevents possible Javascript attacks on the + browser, and is suggested for all English-speaking sites. For + non-English-speaking Bugzilla sites, I suggest changing + <SPAN +CLASS="QUOTE" +>"ISO-8859-1"</SPAN +>, above, to + <SPAN +CLASS="QUOTE" +>"UTF-8"</SPAN +>.</P +><P +>Note: using <meta> tags to set the charset is not + recommended, as there's a bug in Netscape 4.x which causes pages + marked up in this way to load twice.</P +></DIV +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="htaccess">4.2.6. <TT +CLASS="filename" +>.htaccess</TT +> + files and security</H2 +><P +>To enhance the security of your Bugzilla installation, Bugzilla's + <TT +CLASS="filename" +>checksetup.pl</TT +> script will generate + <I +CLASS="glossterm" +> <TT +CLASS="filename" +>.htaccess</TT +> + </I +> + + files which the Apache webserver can use to restrict access to the + bugzilla data files. + These .htaccess files will not work with Apache 1.2.x - but this + has security holes, so you shouldn't be using it anyway. + <DIV +CLASS="note" +><P +></P +><TABLE +CLASS="note" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="../images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +>If you are using an alternate provider of + <SPAN +CLASS="productname" +>webdot</SPAN +> + + services for graphing (as described when viewing + <TT +CLASS="filename" +>editparams.cgi</TT +> + + in your web browser), you will need to change the ip address in + <TT +CLASS="filename" +>data/webdot/.htaccess</TT +> + + to the ip address of the webdot server that you are using.</P +></TD +></TR +></TABLE +></DIV +> + </P +><P +>The default .htaccess file may not provide adequate access + restrictions, depending on your web server configuration. Be sure to + check the <Directory> entries for your Bugzilla directory so that + the + <TT +CLASS="filename" +>.htaccess</TT +> + + file is allowed to override web server defaults. For instance, let's + assume your installation of Bugzilla is installed to + <TT +CLASS="filename" +>/usr/local/bugzilla</TT +> + + . You should have this <Directory> entry in your + <TT +CLASS="filename" +>httpd.conf</TT +> + + file:</P +><P +> +<TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD +><FONT +COLOR="#000000" +><PRE +CLASS="programlisting" +> <Directory /usr/local/bugzilla/> + Options +FollowSymLinks +Indexes +Includes +ExecCGI + AllowOverride All +</Directory> +</PRE +></FONT +></TD +></TR +></TABLE +> + + </P +><P +>The important part above is + <SPAN +CLASS="QUOTE" +>"AllowOverride All"</SPAN +> + + . Without that, the + <TT +CLASS="filename" +>.htaccess</TT +> + + file created by + <TT +CLASS="filename" +>checksetup.pl</TT +> + + will not have sufficient permissions to protect your Bugzilla + installation.</P +><P +>If you are using Internet Information Server (IIS) or another + web server which does not observe + <TT +CLASS="filename" +>.htaccess</TT +> + conventions, you can disable their creation by editing + <TT +CLASS="filename" +>localconfig</TT +> + and setting the + <TT +CLASS="varname" +>$create_htaccess</TT +> + variable to + <TT +CLASS="parameter" +><I +>0</I +></TT +>. + </P +></DIV +><DIV +CLASS="section" +><H2 +CLASS="section" +><A +NAME="mod-throttle">4.2.7. <TT +CLASS="filename" +>mod_throttle</TT +> + + and Security</H2 +><P +>It is possible for a user, by mistake or on purpose, to access + the database many times in a row which can result in very slow access + speeds for other users. If your Bugzilla installation is experiencing + this problem , you may install the Apache module + <TT +CLASS="filename" +>mod_throttle</TT +> + + which can limit connections by ip-address. You may download this module + at + <A +HREF="http://www.snert.com/Software/Throttle/" +TARGET="_top" +> http://www.snert.com/Software/Throttle/</A +>. + Follow the instructions to install into your Apache install. + <EM +>This module only functions with the Apache web + server!</EM +> + You may use the + <B +CLASS="command" +>ThrottleClientIP</B +> + + command provided by this module to accomplish this goal. See the + <A +HREF="http://www.snert.com/Software/Throttle/" +TARGET="_top" +>Module + Instructions</A +> + for more information.</P +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="stepbystep.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="index.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="win32.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Step-by-step Install</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="installation.html" +ACCESSKEY="U" +>Up</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Win32 Installation Notes</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file |