Bug 233592 : Apache config section: missing info, extraneous info, generally confusing.

Patch by Shane H. W. Travis <travis@sedsystems.ca> r=colin.ogilvie

Bug 233592 : Apache config section: missing info, extraneous info, generally confusing.
a83a50ab · travis%sedsystems.ca · d2de194a · a83a50ab
Commit a83a50ab authored Feb 12, 2005 by travis%sedsystems.ca
Hide whitespace changes
Inline Side-by-side

Showing with 98 additions and 42 deletions

installation.xml docs/xml/installation.xml +98 -42

No files found.
--- a/docs/xml/installation.xml
+++ b/docs/xml/installation.xml
 <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: installation.xml,v 1.89 2005/01/10 07:57:54 travis%sedsystems.ca Exp $ -->
+<!-- $Id: installation.xml,v 1.90 2005/02/11 18:52:24 travis%sedsystems.ca Exp $ -->
 <chapter id="installing-bugzilla">
  <title>Installing Bugzilla</title>
@@ -744,52 +744,108 @@
    <section id="http">
      <title>Web server</title>
-      <para>Configure your web server according to the instructions in the
+      <para>
-      appropriate section. The Bugzilla Team recommends Apache. No matter
+        Configure your web server according to the instructions in the
-      what webserver you choose, make sure that sensitive information is
+        appropriate section. (If it makes a difference in your choice,
-      not remotely available by ensuring that the access controls in
+        the Bugzilla Team recommends Apache.) Regardless of which webserver
-      <xref linkend="security-webserver-access"/> are properly applied.
+        you are using, however, ensure that sensitive information is
+        not remotely available by properly applying the access controls in
+        <xref linkend="security-webserver-access"/>.
      </para>
      <section id="http-apache">
        <title>Apache <productname>httpd</productname></title>
+        <para>
+          To configure your Apache web server to work with Bugzilla,
+          do the following:
+        </para>
-         <para>Load <filename>httpd.conf</filename> in your editor.</para>
+        <procedure>
+          <step>
-         <para>Uncomment (or add) the following line. 
+            <para>
-          This configures Apache to run .cgi files outside the
+              Load <filename>httpd.conf</filename> in your editor.
-          <filename class="directory">cgi-bin</filename> directory.
+              In Fedora and Red Hat Linux, this file is found in
-          </para>
+              <filename class="directory">/etc/httpd/conf</filename>.
+            </para>
-          <programlisting>  AddHandler cgi-script .cgi</programlisting>
+          </step>
-          <para>Apache uses <computeroutput>&lt;Directory&gt;</computeroutput>
+          <step>
-          directives to permit fine-grained permission setting.
+            <para>
-          Add the following two lines to a 
+              Apache uses <computeroutput>&lt;Directory&gt;</computeroutput>
-          <computeroutput>&lt;Directory&gt;</computeroutput> directive that 
+              directives to permit fine-grained permission setting. Add the
-          applies either to the Bugzilla directory or one of its parents
+              following lines to a directive that applies to the location
-          (e.g. the <computeroutput>&lt;Directory /var/www/html&gt;</computeroutput>
+              of your Bugzilla installation. (If such a section does not
-          directive).
+              exist, you'll want to add one.) In this example, Bugzilla has
-          This allows Bugzilla's <filename>.htaccess</filename> files to 
+              been installed at 
-          override global permissions, and allows .cgi files to run in the 
+              <filename class="directory">/var/www/html/bugzilla</filename>.
-          Bugzilla directory.
+            </para>
-          </para>
+            <programlisting>
-          <programlisting>  Options +ExecCGI +FollowSymLinks
+&lt;Directory /var/www/html/bugzilla&gt;
-  AllowOverride Limit</programlisting>
+  AddHandler cgi-script .cgi
+  Options +Indexes +ExecCGI
-          <para>Add <filename>index.cgi</filename> to the end
+  DirectoryIndex index.cgi
-          of the <computeroutput>DirectoryIndex</computeroutput> 
+  AllowOverride Limit
-          line.</para>
+&lt;/Directory&gt;
+            </programlisting>
-          <para><filename>checksetup.pl</filename> can set tighter permissions
-          on Bugzilla's files and directories if it knows what group the
+            <para>
-          webserver runs as. Look for the <computeroutput>Group</computeroutput>
+              These instructions: allow apache to run .cgi files found
-          line in <filename>httpd.conf</filename>, and place that value in
+              within the bugzilla directory; instructs the server to look
-          the <replaceable>$webservergroup</replaceable> variable in
+              for a file called <filename>index.cgi</filename> if someone
-          <filename>localconfig</filename>. Then rerun
+              only types the directory name into the browser; and allows
-          <filename>checksetup.pl</filename>.
+              Bugzilla's <filename>.htaccess</filename> files to override
-          </para>
+              global permissions.
+            </para>
+            <note>
+              <para>
+                It is possible to make these changes globally, or to the
+                directive controlling Bugzilla's parent directory (e.g.
+                <computeroutput>&lt;Directory /var/www/html/&gt;</computeroutput>).
+                Such changes would also apply to the Bugzilla directory...
+                but they would also apply to many other places where they
+                may or may not be appropriate. In most cases, including
+                this one, it is better to be as restrictive as possible
+                when granting extra access.
+              </para>
+            </note>
+          </step>                    
+          <step>
+            <para>
+              <filename>checksetup.pl</filename> can set tighter permissions
+              on Bugzilla's files and directories if it knows what group the
+              webserver runs as. Find the <computeroutput>Group</computeroutput>
+              line in <filename>httpd.conf</filename>, place the value found
+              there in the <replaceable>$webservergroup</replaceable> variable
+              in <filename>localconfig</filename>, then rerun
+              <filename>checksetup.pl</filename>.
+            </para>
+          </step>
+          <step>
+            <para>
+              Optional: If Bugzilla does not actually reside in the webspace
+              directory, but instead has been symbolically linked there, you
+              will need to add the following to the
+              <computeroutput>Options</computeroutput> line of the Bugzilla 
+              <computeroutput>&lt;Directory&gt;</computeroutput> directive
+              (the same one as in the step above):
+            </para>
+            <programlisting>
+ +FollowSymLinks
+            </programlisting>
+            <para>
+              Without this directive, Apache will not follow symbolic links
+              to places outside its own directory structure, and you will be
+              unable to run Bugzilla.
+            </para>
+          </step>
+        </procedure>
      </section>
      <section id="http-iis">