Running Request Tracker (RT) with OpenBSD httpd

Before we start...

Yes, I know, there's an rt package in ports. Unfortunately, it seems it depends on that patchy web server. Thus, here is a guide to using OpenBSD's httpd(8).

Installation

This guide makes the following assumptions:

• You have installed all installation sets when you build your server - especially the comp* set.
• You have an unobstructed view of the internet from your server.
• You have other activities you can go to while the non-port dependencies are built.
• You are not averse to doing things on command line. (and if you are, why are you here?)

Get what you need

1. Download the software - RT and the MariaDB server, as well as all of the prerequisites available in packages.

   $ ftp https://download.bestpractical.com/pub/rt/release/rt-4.4.4.tar.gz
   $ doas pkg_add mariadb_server p5-DBD-mysql p5-Crypt-SSLeay p5-LWP-Protocol-https \
     p5-File-Which p5-Crypt-X509 p5-String-ShellQuote p5-HTML-Mason-PSGIHandler \
     p5-URI p5-CGI-PSGI p5-Data-ICal p5-JSON p5-IPC-Run3 p5-CGI p5-Net-IP \
     p5-HTML-Quoted p5-XML-RSS p5-Text-Password-Pronounceable p5-DateTime-Locale \
     p5-Locale-Maketext-Lexicon p5-Role-Basic p5-Module-Refresh p5-HTML-Mason \
     p5-HTTP-Message p5-Symbol-Global-Name p5-MIME-Types p5-Data-GUID \
     p5-Regexp-Common p5-DateTime-Format-Natural p5-Regexp-IPv6 p5-Text-Quoted \
     p5-HTML-FormatText-WithLinks-AndTables p5-Module-Versions-Report \
     p5-DBIx-SearchBuilder p5-Text-Template p5-CSS-Squish p5-Tree-Simple \
     p5-DBI p5-Log-Dispatch p5-Crypt-Eksblowfish p5-HTML-RewriteAttributes \
     p5-Date-Extract p5-Apache-Session p5-Universal-require p5-Scope-Upper \
     p5-HTML-Scrubber p5-HTML-FormatText-WithLinks p5-DateTime \
     p5-Devel-GlobalDestruction p5-CGI-Emulate-PSGI p5-Text-Wrapper \
     p5-Convert-Color p5-Email-Address p5-Regexp-Common-net-CIDR p5-Net-CIDR \
     p5-Text-WikiFormat p5-List-MoreUtils p5-Email-Address-List p5-File-ShareDir \
     p5-Devel-StackTrace p5-Plack p5-Locale-Maketext-Fuzzy p5-Module-Pluggable \
     p5-Convert-ASN1 p5-Data-UUID p5-Business-Hours p5-Data-Page-Pageset \
     p5-JavaScript-Minifier-XS p5-CSS-Minifier-XS p5-Starlet p5-Mail-Tools \
     p5-MIME-tools p5-Time-modules p5-DateManip
   

   You can skip the MariaDB server package (and the next section) if the database will be on another server.

Prepare the Database

2. Run doas mysql_install_db to initialise the databases.

3. Start the MariaDB server and begin securing.

   $ doas /etc/rc.d/mysqld start
   $ doas mysql_secure_installation
   

4. Press enter when asked for your current password, enter a password when asked and agree to the changes the script wants to make.

Prepare to Install

5. Unpack the software.

   $ tar zxvf rt-4.4.4.tar.gz
   $ cd rt-4.4.4
   

6. Run ./configure to configure RT with defaults. Doing so will install all of the files in /opt/rt4. Use the --prefix option to change this, but the guide will assume you're using the default.

7. Run make testdeps to ensure that all dependencies are met. This should succeed, turns out the packages were in ports after all.

Install and Configure

9. Install the software by typing doas make install.

10. Once installation is complete, start a temporary web server for the software. It will not fork.

    $ doas /opt/rt4/sbin/rt-server
    

11. Log into a web browser and follow the installation process. Once complete, hit Ctrl+C to shut down the temporary web server.

12. Add the following jobs to cron, to automate email tasks.

    0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily
    0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly
    0 * * * * root /opt/rt4/sbin/rt-email-dashboards
    0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments
    

13. TODO: Redirect email from smtpd to MailGate.

    If you run a third party mail system you wish to use, doas pkg_add fetchmail and pipe the emails into rt-mailgate with the following .fetchmailrc in /var/www:

    set logfile /opt/rt4/var/fetchmail.log
    set pidfile /opt/rt4/var/fetchmail.pid
    poll domain.com.au via 172.19.1.6 with proto IMAP
            auth password
            user "username" password "Not4U2C!" mda "/opt/rt4/bin/rt-mailgate --queue Support --action correspond --url http://rt.domain.com.au"
            options folder Inbox ssl keep
    

    Add the following line to www's crontab to ensure this stays running (see point below on why this is not recommended):

    * * * * * fetchmail -d 60
    

14. Set up the FastCGI handler to be run on boot and auto restart on failure.

    NOTE: This configuration is not recommended by OpenBSD developers as RT may have failed for a reason and thus should not be allowed to auto restart. When I have a better method set up, I will document it here.

    #!/bin/sh
    
    RT_SOCK=/var/www/run/rt/rt-server.sock
    
    if [ -e /opt/rt4/run/restart ]
    then
            rm /opt/rt4/run/restart
            pkill -U www perl>/dev/null
            sleep 5
    fi
    
    if pgrep -U www perl>/dev/null
    then
            sleep 1
            exit 0
    fi
    
    /opt/rt4/sbin/rt-server.fcgi --socket $RT_SOCK --processes 5 >/dev/null 2>&1 &
    

    Then add the line below to www's crontab:

    * * * * * /opt/rt4/etc/fcgi-check
    

15. Edit /etc/httpd.conf to set up the FastCGI connection - SSL is highly recommended:

    $domain=rt.domain.com.au
    server $domain {
            listen on egress port 80
            block return 301 "https://$SERVER_NAME$REQUEST_URI"
            connection max request body 104857600
    }
    server $domain {
            listen on egress tls port 443
            fastcgi socket "/run/rt/rt-server.sock"
            log syslog
            tls {
                    key "/etc/ssl/private/server.key"
                    certificate "/etc/ssl/server.crt"
            }
            # This bit is crucial to allowing large(r) attachments
            connection max request body 104857600
    }