1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
.. This document is shared among all non-Windows OSes.
.. _apache:
Apache
######
You have three options for running Bugzilla under Apache -
:ref:`mod_cgi <apache-mod_cgi>` (the default), :ref:`mod_perl <apache-mod_perl>`
and :ref:`mod_proxy <apache-mod_proxy>` (to run Bugzilla as a PSGI application).
mod_perl and mod_proxy are faster but take more resources. You should
probably only consider them if your Bugzilla is going to be heavily used.
These instructions require editing the Apache configuration file, which is:
* Fedora/Red Hat: :file:`/etc/httpd/conf/httpd.conf`
* Debian/Ubuntu: :file:`/etc/apache2/apache2.conf`
* Mac OS X: :file:`/etc/apache2/httpd.conf`
Alternatively, on Debian or Ubuntu, you can instead put the below code into a
separate file in the directory :file:`/etc/apache2/sites-enabled/`.
In these instructions, when asked to restart Apache, the command is:
:command:`sudo apachectl start`
(or run it as root if your OS installation does not use sudo).
Securing Apache
===============
When external systems interact with Bugzilla via webservices
(REST/XMLRPC/JSONRPC) they include the user's credentials as part of the URL
(in the "query string"). Therefore, to avoid storing passwords in clear text
on the server we recommend configuring Apache to not include the query string
in its log files.
#. Edit the Apache configuration file (see above).
#. Find the following line in the above mentioned file, which defines the
logging format for ``vhost_combined``:
.. code-block:: apache
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
#. Replace ``%r`` with ``%m %U``.
#. Restart Apache.
.. _apache-mod_cgi:
Apache with mod_cgi
===================
To configure your Apache web server to work with Bugzilla while using
mod_cgi, do the following:
#. Edit the Apache configuration file (see above).
#. Create a ``<Directory>`` directive that applies to the location
of your Bugzilla installation. In this example, Bugzilla has
been installed at :file:`/var/www/html/bugzilla`. On Mac OS X, use
:file:`/Library/WebServer/Documents/bugzilla`.
.. code-block:: apache
<Directory /var/www/html/bugzilla>
AddHandler cgi-script .cgi
Options +ExecCGI +FollowSymLinks
DirectoryIndex index.cgi index.html
AllowOverride All
</Directory>
These instructions allow Apache to run .cgi files found within the Bugzilla
directory; instructs the server to look for a file called :file:`index.cgi`
or, if not found, :file:`index.html` if someone only types the directory name
into the browser; and allows Bugzilla's :file:`.htaccess` files to override
some global permissions.
On some Linux distributions you will need to enable the Apache CGI
module. On Debian/Ubuntu, this is done with:
:command:`sudo a2enmod cgi`
If you find that the webserver is returning the Perl code as text rather
than executing it, then this is the problem.
.. _apache-mod_perl:
Apache with mod_perl
====================
Some configuration is required to make Bugzilla work with Apache
and mod_perl.
.. note:: It is not known whether anyone has even tried mod_perl on Mac OS X.
#. Edit the Apache configuration file (see above).
#. Add the following information, substituting where appropriate with your
own local paths.
.. code-block:: apache
PerlSwitches -w -T
PerlConfigRequire /var/www/html/bugzilla/mod_perl.pl
.. note:: This should be used instead of the <Directory> block
shown above. This should also be above any other ``mod_perl``
directives within the :file:`httpd.conf` and the directives must be
specified in the order above.
.. warning:: You should also ensure that you have disabled ``KeepAlive``
support in your Apache install when utilizing Bugzilla under mod_perl
or you may suffer a
`performance penalty <http://modperlbook.org/html/11-4-KeepAlive.html>`_.
On restarting Apache, Bugzilla should now be running within the
mod_perl environment.
Please bear the following points in mind when considering using Bugzilla
under mod_perl:
* mod_perl support in Bugzilla can take up a HUGE amount of RAM - easily
30MB per httpd child. The more RAM you can get, the better. mod_perl is
basically trading RAM for speed. At least 2GB total system RAM is
recommended for running Bugzilla under mod_perl.
* Under mod_perl, you have to restart Apache if you make any manual change to
any Bugzilla file. You can't just reload--you have to actually
*restart* the server (as in make sure it stops and starts
again). You *can* change :file:`localconfig` and the :file:`params` file
manually, if you want, because those are re-read every time you load a page.
* You must run in Apache's Prefork MPM (this is the default). The Worker MPM
may not work -- we haven't tested Bugzilla's mod_perl support under threads.
(And, in fact, we're fairly sure it *won't* work.)
* Bugzilla generally expects to be the only mod_perl application running on
your entire server. It may or may not work if there are other applications also
running under mod_perl. It does try its best to play nice with other mod_perl
applications, but it still may have conflicts.
* It is recommended that you have one Bugzilla instance running under mod_perl
on your server. Bugzilla has not been tested with more than one instance running.
.. _apache-mod_proxy:
Apache with mod_proxy
=====================
Bugzilla can run as a PSGI application, which greatly improves performance
compared to mod_cgi.
#. Install the `Plack <http://search.cpan.org/~miyagawa/Plack/script/plackup>`_
module. This will install the :file:`plackup` script used below.
#. Run :file:`plackup` from the :file:`bugzilla/` root directory:
:command:`plackup -s Gazelle --port 5000 -E production -a app.psgi`
This command starts :file:`plackup` using the
`Gazelle <http://search.cpan.org/~kazeburo/Gazelle/lib/Gazelle.pm>`_ handler.
Other PSGI handlers can be used, such as
`Starman <http://search.cpan.org/~miyagawa/Starman/lib/Starman.pm>`_.
#. Edit the Apache configuration file (see above).
#. Add the following lines:
.. code-block:: apache
<Location /bugzilla/>
ProxyPreserveHost On
ProxyPass "http://localhost:5000/"
ProxyPassReverse "http://localhost:5000/"
# Will pass either 'https' or 'http' (without quotes).
RequestHeader set X-Forwarded-Proto %{REQUEST_SCHEME}s
# Will pass the original path to the script, required to determine
# if we are on the attachment host.
RequestHeader set X-Forwarded-URI %{REQUEST_URI}s
</Location>
# Do not redirect requests for images and static CSS and JS files.
<LocationMatch "^/bugzilla/(data/(assets|webdot)|graphs|images)/">
ProxyPass "!"
</LocationMatch>
#. Restart Apache.
#. Set the :param:`inbound_proxies` parameter to :paramval:`127.0.0.1`.
|