Return-Path: X-Original-To: apmail-bloodhound-user-archive@www.apache.org Delivered-To: apmail-bloodhound-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4F1201037B for ; Tue, 17 Sep 2013 08:55:09 +0000 (UTC) Received: (qmail 33785 invoked by uid 500); 17 Sep 2013 08:54:58 -0000 Delivered-To: apmail-bloodhound-user-archive@bloodhound.apache.org Received: (qmail 33662 invoked by uid 500); 17 Sep 2013 08:54:55 -0000 Mailing-List: contact user-help@bloodhound.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@bloodhound.apache.org Delivered-To: mailing list user@bloodhound.apache.org Received: (qmail 33627 invoked by uid 99); 17 Sep 2013 08:54:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 08:54:53 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of j@jdunk.com designates 208.97.132.81 as permitted sender) Received: from [208.97.132.81] (HELO homiemail-a13.g.dreamhost.com) (208.97.132.81) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 08:54:46 +0000 Received: from homiemail-a13.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a13.g.dreamhost.com (Postfix) with ESMTP id 38FAE334076 for ; Tue, 17 Sep 2013 01:54:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=jdunk.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to: content-type; s=jdunk.com; bh=f66bboDJaBAI5vpdbEu46Rlu4WM=; b=gM KQOHcJx2N/52HLfKqgwvn55xUEVqZUmmDB/SRLRWrzYgT22QSw0VqWBUjNxlJyvP bVS3wCwO/9UtwctcKYiYgfbuy2u7FrHnmLbQqsaz26dTmew/Uggj/1EHjtoEaoP8 I2pviu+7bVpiZZYrpTRGw8qmWb4TEhPM1N8OqLvoc= Received: from mail-wg0-f45.google.com (mail-wg0-f45.google.com [74.125.82.45]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: j@jdunk.com) by homiemail-a13.g.dreamhost.com (Postfix) with ESMTPSA id 93CD1334072 for ; Tue, 17 Sep 2013 01:54:24 -0700 (PDT) Received: by mail-wg0-f45.google.com with SMTP id y10so4825806wgg.12 for ; Tue, 17 Sep 2013 01:54:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=K+zIMuE7NPqe/FcJ+U4A5wEmuxDdASgMfyRl/7YwOm8=; b=hPLTeAoYBvsBLgnAyM/LhGjyNnDVh6mf7Oi19ZUSNmzNhpdiJIsznARPjpW/esy51R n3Y6xu59ctDTLkKa8PEnKB62bKOvqV+KyLlJ8FB0TcLfl+XQ/euMViCnYX7AdyvNs6hV Xkhk89I2vrsOTMcnpQSNRbZ9KMk3J9z+PvP/3P1iVfDryDxpFTgm2SxuF8bSSGrztpCX mPjPW5PHQS1Uk6m10+HEQN7BZP7yQmDIKTEbcLCRfiX/dfNYlk7gOEr66S6n2w7d9tyo zU4y9HKZQjo1bERPev90pMiOuqExr3TlkjC0S56a3epmRrTT0Ho++i3IqxXDBjCdX4BY SN6g== X-Gm-Message-State: ALoCoQkvAwZm09urFsDv3pl4pnKR/3cvF38uk3cBosWGhkdw22eLKvuRWF/Nw/Bd3SKHI7AB4byT MIME-Version: 1.0 X-Received: by 10.180.210.231 with SMTP id mx7mr1522317wic.5.1379408062942; Tue, 17 Sep 2013 01:54:22 -0700 (PDT) Received: by 10.216.193.72 with HTTP; Tue, 17 Sep 2013 01:54:22 -0700 (PDT) In-Reply-To: References: Date: Tue, 17 Sep 2013 01:54:22 -0700 Message-ID: Subject: Re: Running Bloodhound via apache: 404 From: Jared Duncan To: user@bloodhound.apache.org Content-Type: multipart/alternative; boundary=001a11c25d3297a3d504e690773b X-Virus-Checked: Checked by ClamAV on apache.org --001a11c25d3297a3d504e690773b Content-Type: text/plain; charset=UTF-8 Update: I *was* able to access the UI via apache once I tried the URL: http://bh.mydomain.com/bloodhound instead of just http://bh.mydomain.com/ I was then able to get it to work with the latter URL by changing "/bloodhound" to just "/" in the WSGIScriptAlias and AuthDigestDomain directives, and the LocationMatch block. I swear I did this earlier on a different machine and it completely broke things (I saw a regular trac UI instead of Bloodhound); sorry for any time wasted. If this list is googleable, hopefully this will help someone in the future. The question about the "bloodhound" user's permissions remains, however. On Tue, Sep 17, 2013 at 1:25 AM, Jared Duncan wrote: > Hi list. I was successfully able to install and run bloodhound via tracd > just fine, but I'm getting a strange 404 situation when I try to access it > via apache instead. > > I'm using the same VirtualHost block that was suggested by the > installation doc only with added directives for logging, and a ServerName > and port 80 instead of 8000. > > https://issues.apache.org/bloodhound/wiki/BloodhoundInstall#WebServer > > My VirtualHost: > > > ServerName bh.mydomain.com > > LogLevel warn > ErrorLog /var/log/apache2/bh.mydomain.com-error.log > CustomLog /var/log/apache2/bh.mydomain.com-access.log combined > > WSGIDaemonProcess bh_tracker user=bloodhound > python-path=/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-packages > WSGIScriptAlias /bloodhound > /usr/local/bloodhound/installer/bloodhound/site/cgi-bin/trac.wsgi > > WSGIProcessGroup bh_tracker > WSGIApplicationGroup %{GLOBAL} > Order deny,allow > Allow from all > > > AuthType Digest > AuthName "Bloodhound" > AuthDigestDomain /bloodhound > AuthUserFile > /usr/local/bloodhound/installer/bloodhound/environments/main/bloodhound.htdigest > Require valid-user > > > > === > > I ran trac-admin deploy and restarted apache of course. What happens, > though, is any attempt to access that VirtualHost at any URI for that > subdomain it's configured for yields a 404, and the error log says this: > > File does not exist: /etc/apache2/htdocs > > I know that it's matching the VirtualHost block because the above error > gets written to the very file I uniquely specified in the ErrorLog > directive within that block. (The unique access log gets hit also.) > > So... anyone have an idea why it would be looking for an "htdocs" > directory within /etc/apache2/ instead of > /usr/local/bloodhound/installer/bloodhound/site/ ? > > In case it's of any help, mod_wsgi emits the following "info" messages > when apache is started: > > [info] mod_wsgi (pid=15156): Attach interpreter ''. > [info] mod_wsgi (pid=15156): Adding > '/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-packages' to > path. > > === > > Another thing: the Bloodhound installation doc says: > > The user referred to in the WSGIDaemonProcess should be the user that you >> wish bloodhound to be run as and so that user must have the appropriate set >> of permissions to access the Bloodhound installation. Running with any >> special system level privileges should not be required and is not >> recommended. >> > > ...but it says nothing whatsoever about which permissions are needed on > which files/directories, so we are left to completely guess, and doing > something like > > sudo chown -R bloodhound.www-data /usr/local/bloodhound; sudo chmod -R > ug+rwx /usr/local/bloodhound > > ...is ugly, inconvenient, and overly-permissive at best, and breaks things > at worst. Is there a better way? > --001a11c25d3297a3d504e690773b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Update: I *was* able to access the UI via apache once I tr= ied the URL:=C2=A0


instead of just=C2=A0


I was then able to get it to work with th= e latter URL by changing "/bloodhound" to just "/" in t= he=C2=A0WSGIScriptAlias and=C2=A0AuthDigestDoma= in=C2=A0directives, and the LocationMatch block.=C2=A0 I swear I did this earlier on a different mach= ine and it completely broke things (I saw a regular trac UI instead of Bloo= dhound); sorry for any time wasted. =C2=A0If this list is googleable, hopef= ully this will help someone in the future.

The question about the "bloodhound" user'= s permissions remains, however.


On Tue, Sep 17, 2013 at 1:25 AM, Jared Duncan <j@jdunk.c= om> wrote:
Hi list. =C2=A0I was succes= sfully able to install and run bloodhound via tracd just fine, but I'm = getting a strange 404 situation when I try to access it via apache instead.=

I'm using the same VirtualHost block that was suggested = by the installation doc only with added directives for logging, and a Serve= rName and port 80 instead of 8000.


My= VirtualHost:

<VirtualH= ost *:80>
=C2=A0 = =C2=A0 ServerName bh.m= ydomain.com

=C2=A0 =C2=A0 LogLevel warn
=C2=A0 =C2=A0 ErrorLog /var/log/apache2/= bh.mydomain.com-error.log
=C2=A0 =C2=A0 CustomLog /var/log= /apache2/bh.mydomain.com-access.log combined

=C2=A0 =C2=A0 WSGIDaemonProcess bh_tracker user=3Dbloodhound pyth= on-path=3D/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-pac= kages
=C2=A0 =C2=A0 WSGIScriptAlias /b= loodhound /usr/local/bloodhound/installer/bloodhound/site/cgi-bin/trac.wsgi=
=C2=A0 =C2=A0 <D= irectory /usr/local/bloodhound/installer/bloodhound/site/cgi-bin>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 WSGI= ProcessGroup bh_tracker
=C2=A0 =C2=A0 =C2=A0 =C2=A0 WSGIApplicationGroup %{GLOBAL}
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Orde= r deny,allow
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Allo= w from all
=C2=A0 = =C2=A0 </Directory>
=C2=A0 =C2=A0 <LocationMatch "/bloodhound/[^/]+/login"&g= t;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Auth= Type Digest
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 AuthName "Bloodhound"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 AuthDigestDoma= in /bloodhound
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Auth= UserFile /usr/local/bloodhound/installer/bloodhound/environments/main/blood= hound.htdigest
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 Require valid-user
=C2=A0 =C2=A0 </LocationMatch= >
</VirtualHos= t>

=3D=3D=3D

<= div>I ran trac-admin deploy and restarted apache of course. =C2=A0What happ= ens, though, is any attempt to access that VirtualHost at any URI for that = subdomain it's configured for yields a 404, and the error log says this= :

File does not exi= st: /etc/apache2/htdocs

I know that it&= #39;s matching the VirtualHost block because the above error gets written t= o the very file I uniquely specified in the ErrorLog directive within that = block. =C2=A0(The unique access log gets hit also.)

So... anyone have an idea why it would be looking for a= n "htdocs" directory within /etc/apache2/ instead of /usr= /local/bloodhound/installer/bloodhound/site/ ?

In case it's of any help, mod_wsgi emits the follow= ing "info" messages when apache is started:

<= div>
[info] mod_wsgi (pid=3D15156= ): Attach interpreter ''.
[info] mod_wsgi (pid=3D15156): A= dding '/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-pa= ckages' to path.

=3D=3D=3D
<= div>
Another thing: the Bloodhound installation doc says:=C2=A0
=

The user referred = to in the WSGIDaemonProcess should be the user that you wish bloodhound to = be run as and so that user must have the appropriate set of permissions to = access the Bloodhound installation. Running with any special system level p= rivileges should not be required and is not recommended.

...but it says nothing whatsoever about wh= ich permissions are needed on which files/directories, so we are left to co= mpletely guess, and doing something like=C2=A0

sudo chown -R bloodhound.www-data /usr/l= ocal/bloodhound; sudo chmod -R ug+rwx /usr/local/bloodhound

...is ugly, inconvenient, and overly-permissive at best= , and breaks things at worst. =C2=A0Is there a better way?

--001a11c25d3297a3d504e690773b--