Return-Path: X-Original-To: apmail-bloodhound-user-archive@www.apache.org Delivered-To: apmail-bloodhound-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 167F610B42 for ; Tue, 17 Sep 2013 18:05:33 +0000 (UTC) Received: (qmail 13177 invoked by uid 500); 17 Sep 2013 18:05:30 -0000 Delivered-To: apmail-bloodhound-user-archive@bloodhound.apache.org Received: (qmail 12869 invoked by uid 500); 17 Sep 2013 18:05:21 -0000 Mailing-List: contact user-help@bloodhound.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@bloodhound.apache.org Delivered-To: mailing list user@bloodhound.apache.org Received: (qmail 12098 invoked by uid 99); 17 Sep 2013 18:05:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 18:05:19 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of ryan.ollos@wandisco.com designates 209.85.223.177 as permitted sender) Received: from [209.85.223.177] (HELO mail-ie0-f177.google.com) (209.85.223.177) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 18:05:13 +0000 Received: by mail-ie0-f177.google.com with SMTP id qd12so10171780ieb.8 for ; Tue, 17 Sep 2013 11:04:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=x7z83pGBmj+7wIwjs5Kl1ga4/7PJPGP6BC9MklMglSU=; b=ds4OW6LQl3fbQaYQBii05NpcdNu1XF/N8wMnQsR0/48qwQVvXombgyBU56TrUv7yNN uY5L76BJWdbY9i32dDy52dGOAUHQ7YESvEW+QXnDkHi73G6QXR7I3639+EyyBBNx+Nvl McQGDGLX5ZQzwM0J0pNtbrchTxoDAC5Piij7JZWv706GwBc3Nurm/CR1JcRwIlM6zPgV +7AhRIPTk83BS1RMCoTpBzIH31ukHXZM8lkGTOQAUGfjPPXu7kyNlxOTtCn0lUJJ7GPu U7LIyQFVr53Mn/o8py4ZhvCuENrcUNdkAMDdBH16vKfvvy1a2PjKnPZXJr5b05C+dLs3 9ngg== X-Gm-Message-State: ALoCoQn/9kaBfQt2nvCVeUJDw1lnX81jCtkMbshEWBWQv/VGmUVJtDYYlxH+5dX+yxsteV38sI4O MIME-Version: 1.0 X-Received: by 10.50.118.105 with SMTP id kl9mr1545359igb.3.1379441090092; Tue, 17 Sep 2013 11:04:50 -0700 (PDT) Received: by 10.64.233.163 with HTTP; Tue, 17 Sep 2013 11:04:50 -0700 (PDT) In-Reply-To: References: Date: Tue, 17 Sep 2013 11:04:50 -0700 Message-ID: Subject: Re: Running Bloodhound via apache: 404 From: Ryan Ollos To: user@bloodhound.apache.org Content-Type: multipart/alternative; boundary=089e011769cf29f2d404e69828c3 X-Virus-Checked: Checked by ClamAV on apache.org --089e011769cf29f2d404e69828c3 Content-Type: text/plain; charset=ISO-8859-1 On Tue, Sep 17, 2013 at 1:25 AM, Jared Duncan wrote: > Hi list. I was successfully able to install and run bloodhound via tracd > just fine, but I'm getting a strange 404 situation when I try to access it > via apache instead. > > I'm using the same VirtualHost block that was suggested by the > installation doc only with added directives for logging, and a ServerName > and port 80 instead of 8000. > > https://issues.apache.org/bloodhound/wiki/BloodhoundInstall#WebServer > > My VirtualHost: > > > ServerName bh.mydomain.com > > LogLevel warn > ErrorLog /var/log/apache2/bh.mydomain.com-error.log > CustomLog /var/log/apache2/bh.mydomain.com-access.log combined > > WSGIDaemonProcess bh_tracker user=bloodhound > python-path=/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-packages > WSGIScriptAlias /bloodhound > /usr/local/bloodhound/installer/bloodhound/site/cgi-bin/trac.wsgi > > WSGIProcessGroup bh_tracker > WSGIApplicationGroup %{GLOBAL} > Order deny,allow > Allow from all > > > AuthType Digest > AuthName "Bloodhound" > AuthDigestDomain /bloodhound > AuthUserFile > /usr/local/bloodhound/installer/bloodhound/environments/main/bloodhound.htdigest > Require valid-user > > > > === > > I ran trac-admin deploy and restarted apache of course. What happens, > though, is any attempt to access that VirtualHost at any URI for that > subdomain it's configured for yields a 404, and the error log says this: > > File does not exist: /etc/apache2/htdocs > > I know that it's matching the VirtualHost block because the above error > gets written to the very file I uniquely specified in the ErrorLog > directive within that block. (The unique access log gets hit also.) > > So... anyone have an idea why it would be looking for an "htdocs" > directory within /etc/apache2/ instead of > /usr/local/bloodhound/installer/bloodhound/site/ ? > > In case it's of any help, mod_wsgi emits the following "info" messages > when apache is started: > > [info] mod_wsgi (pid=15156): Attach interpreter ''. > [info] mod_wsgi (pid=15156): Adding > '/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-packages' to > path. > > === > > Another thing: the Bloodhound installation doc says: > > The user referred to in the WSGIDaemonProcess should be the user that you >> wish bloodhound to be run as and so that user must have the appropriate set >> of permissions to access the Bloodhound installation. Running with any >> special system level privileges should not be required and is not >> recommended. >> > > ...but it says nothing whatsoever about which permissions are needed on > which files/directories, so we are left to completely guess, and doing > something like > > sudo chown -R bloodhound.www-data /usr/local/bloodhound; sudo chmod -R > ug+rwx /usr/local/bloodhound > > ...is ugly, inconvenient, and overly-permissive at best, and breaks things > at worst. Is there a better way? > I've always changed the owner like you've done (setting the group as well) and just left the permissions at the defaults, 775 for directories and 664 for files. However, I couldn't say whether a more restrictive set of permissions would be advisable. --089e011769cf29f2d404e69828c3 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Tue, Sep 17, 2013 at 1:25 AM, Jared Duncan <j@jdunk.com&= gt; wrote:
=
Hi list. =A0I was successfully able to install and run blo= odhound via tracd just fine, but I'm getting a strange 404 situation wh= en I try to access it via apache instead.

I'm using = the same VirtualHost block that was suggested by the installation doc only = with added directives for logging, and a ServerName and port 80 instead of = 8000.


My= VirtualHost:

<VirtualH= ost *:80>
=A0 =A0= ServerName bh.mydomai= n.com

=A0 =A0 LogLevel warn
=A0 =A0 ErrorLog /var/log/apache2/bh.mydomain.= com-error.log
=A0 =A0 CustomLog /var/log/apach= e2/bh.mydomain.com-access.log combined

=A0 =A0 WSGIDaemonProcess bh_tracker user=3Dbloodhound python-path=3D/u= sr/local/bloodhound/installer/bloodhound/lib/python2.7/site-packages=
=A0 =A0 WSGIScriptAlias /bloodho= und /usr/local/bloodhound/installer/bloodhound/site/cgi-bin/trac.wsgi
=A0 =A0 <Directory /us= r/local/bloodhound/installer/bloodhound/site/cgi-bin>
=A0 =A0 =A0 =A0 WSGIProcessGroup= bh_tracker
=A0 =A0 = =A0 =A0 WSGIApplicationGroup %{GLOBAL}
=A0 =A0 =A0 =A0 Order deny,allow
=A0 =A0 =A0 =A0 Allow from all
=A0 =A0 </Director= y>
=A0 =A0 <Lo= cationMatch "/bloodhound/[^/]+/login">
=A0 =A0 =A0 =A0 AuthType Digest<= /font>
=A0 =A0 =A0 =A0 Auth= Name "Bloodhound"
=A0 =A0 =A0 =A0 AuthDigestDomain /bloodhound
=A0 =A0 =A0 =A0 AuthUserFile /us= r/local/bloodhound/installer/bloodhound/environments/main/bloodhound.htdige= st
=A0 =A0 =A0 =A0 R= equire valid-user
=A0 =A0 </LocationMatch>
</VirtualHost><= /font>

=3D=3D=3D

I = ran trac-admin deploy and restarted apache of course. =A0What happens, thou= gh, is any attempt to access that VirtualHost at any URI for that subdomain= it's configured for yields a 404, and the error log says this:

File does not exi= st: /etc/apache2/htdocs

I know that it&= #39;s matching the VirtualHost block because the above error gets written t= o the very file I uniquely specified in the ErrorLog directive within that = block. =A0(The unique access log gets hit also.)

So... anyone have an idea why it would be looking for a= n "htdocs" directory within /etc/apache2/ instead of /usr= /local/bloodhound/installer/bloodhound/site/ ?

In case it's of any help, mod_wsgi emits the follow= ing "info" messages when apache is started:

<= div>
[info] mod_wsgi (pid=3D15156= ): Attach interpreter ''.
[info] mod_wsgi (pid=3D15156): A= dding '/usr/local/bloodhound/installer/bloodhound/lib/python2.7/site-pa= ckages' to path.

=3D=3D=3D
<= div>
Another thing: the Bloodhound installation doc says:=A0

The user referred = to in the WSGIDaemonProcess should be the user that you wish bloodhound to = be run as and so that user must have the appropriate set of permissions to = access the Bloodhound installation. Running with any special system level p= rivileges should not be required and is not recommended.

...but it says nothing whatsoever about wh= ich permissions are needed on which files/directories, so we are left to co= mpletely guess, and doing something like=A0

sudo chown -R bloodhound.www-data /usr/loca= l/bloodhound; sudo chmod -R ug+rwx /usr/local/bloodhound

...is ugly, inconvenient, and overly-permissive at best= , and breaks things at worst. =A0Is there a better way?


I've always changed the o= wner like you've done (setting the group as well) and just left the per= missions at the defaults, 775 for directories and 664 for files. However, I= couldn't say whether a more restrictive set of permissions would be ad= visable.
--089e011769cf29f2d404e69828c3--