Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/webtools/bugzilla/docs/html/geninstall.html
barnboy%trilobyte.net 7573dc0eaf Buncha' release updates. Moved all images to 
./images so we don't have multiple copies of the
same image, fixed these doc bugs (in no particular order):
94949
97070
97071
97114
96498
95970
96677
94953
96501
96679
97068
97191
97192


git-svn-id: svn://10.0.0.236/trunk@101950 18797224-902f-48f8-a5cc-f745e15eee43
2001-08-29 17:25:41 +00:00

421 lines
8.6 KiB
HTML
Raw Blame History

<HTML
><HEAD
><TITLE
>Installation General Notes</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
"><LINK
REL="HOME"
TITLE="The Bugzilla Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="Installation"
HREF="installation.html"><LINK
REL="PREVIOUS"
TITLE="BSD Installation Notes"
HREF="bsdinstall.html"><LINK
REL="NEXT"
TITLE="Win32 Installation Notes"
HREF="win32.html"></HEAD
><BODY
CLASS="SECTION"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="bsdinstall.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Installation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="win32.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECTION"
><H1
CLASS="SECTION"
><A
NAME="GENINSTALL"
>3.5. Installation General Notes</A
></H1
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="AEN941"
>3.5.1. Modifying Your Running System</A
></H2
><P
> Bugzilla optimizes database lookups by storing all relatively static
information in the versioncache file, located in the data/ subdirectory
under your installation directory.
</P
><P
> If you make a change to the structural data in your database
(the versions table for example), or to the
<SPAN
CLASS="QUOTE"
>"constants"</SPAN
> encoded in defparams.pl, you will
need to remove the cached content from the data directory
(by doing a <SPAN
CLASS="QUOTE"
>"rm data/versioncache"</SPAN
>), or your
changes won't show up.
</P
><P
> That file gets automatically regenerated whenever it's more than an
hour old, so Bugzilla will eventually notice your changes by itself, but
generally you want it to notice right away, so that you can test things.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="AEN948"
>3.5.2. Upgrading From Previous Versions</A
></H2
><P
> The developers of Bugzilla are constantly adding new tables, columns and
fields. You'll get SQL errors if you just update the code. The strategy
to update is to simply always run the checksetup.pl script whenever
you upgrade your installation of Bugzilla. If you want to see what has
changed, you can read the comments in that file, starting from the end.
</P
><P
> If you are running Bugzilla version 2.8 or lower, and wish to upgrade to
the latest version, please consult the file, "UPGRADING-pre-2.8" in the
Bugzilla root directory after untarring the archive.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="HTACCESS"
>3.5.3. <TT
CLASS="FILENAME"
>.htaccess</TT
> files and security</A
></H2
><P
> To enhance the security of your Bugzilla installation,
Bugzilla will generate
<I
CLASS="GLOSSTERM"
><TT
CLASS="FILENAME"
>.htaccess</TT
></I
> files
which the Apache webserver can use to restrict access to
the bugzilla data files. The checksetup script will
generate the <TT
CLASS="FILENAME"
>.htaccess</TT
> files.
<DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> If you are using an alternate provider of
<SPAN
CLASS="PRODUCTNAME"
>webdot</SPAN
> services for graphing
(as described when viewing
<TT
CLASS="FILENAME"
>editparams.cgi</TT
> in your web
browser), you will need to change the ip address in
<TT
CLASS="FILENAME"
>data/webdot/.htaccess</TT
> to the ip
address of the webdot server that you are using.
</P
></TD
></TR
></TABLE
></DIV
>
</P
><P
> If you are using Internet Information Server or other web
server which does not observe <TT
CLASS="FILENAME"
>.htaccess</TT
>
conventions, you can disable their creation by editing
<TT
CLASS="FILENAME"
>localconfig</TT
> and setting the
<TT
CLASS="VARNAME"
>$create_htaccess</TT
> variable to
<TT
CLASS="PARAMETER"
><I
>0</I
></TT
>.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="MOD_THROTTLE"
>3.5.4. <TT
CLASS="FILENAME"
>mod_throttle</TT
> and Security</A
></H2
><P
> It is possible for a user, by mistake or on purpose, to access
the database many times in a row which can result in very slow
access speeds for other users. If your Bugzilla installation
is experiencing this problem , you may install the Apache
module <TT
CLASS="FILENAME"
>mod_throttle</TT
> which can limit
connections by ip-address. You may download this module at
<A
HREF="http://www.snert.com/Software/Throttle/"
TARGET="_top"
>http://www.snert.com/Software/Throttle/</A
>. Follow the instructions to install into your Apache install. <EM
>This module only functions with the Apache web server!</EM
>. You may use the <B
CLASS="COMMAND"
>ThrottleClientIP</B
> command provided by this module to accomplish this goal. See the <A
HREF="http://www.snert.com/Software/Throttle/"
TARGET="_top"
>Module Instructions</A
> for more information. </P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="CONTENT_TYPE"
>3.5.5. Preventing untrusted Bugzilla content from executing malicious Javascript code</A
></H2
><P
>It is possible for a Bugzilla to execute malicious
Javascript code. Due to internationalization concerns, we are
unable to incorporate the code changes necessary to fulfill
the CERT advisory requirements mentioned in <A
HREF="http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3"
TARGET="_top"
>http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3</A
>. Executing the following code snippet from a UNIX command shell will rectify the problem if your Bugzilla installation is intended for an English-speaking audience. As always, be sure your Bugzilla installation has a good backup before making changes, and I recommend you understand what the script is doing before executing it. </P
><P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>bash# cd $BUGZILLA_HOME; for i in `ls *.cgi`; \
do cat $i | sed 's/Content-type\: text\/html/Content-Type: text\/html\; charset=ISO-8859-1/' &#62;$i.tmp; \
mv $i.tmp $i; done
</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
> All this one-liner command does is search for all instances of
<SPAN
CLASS="QUOTE"
>"Content-type: text/html"</SPAN
> and replaces it with
<SPAN
CLASS="QUOTE"
>"Content-Type: text/html; charset=ISO-8859-1"</SPAN
>.
This specification prevents possible Javascript attacks on the
browser, and is suggested for all English-speaking sites. For
non-english-speaking Bugzilla sites, I suggest changing
<SPAN
CLASS="QUOTE"
>"ISO-8859-1"</SPAN
>, above, to <SPAN
CLASS="QUOTE"
>"UTF-8"</SPAN
>.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="UNIXHISTORY"
>3.5.6. UNIX Installation Instructions History</A
></H2
><P
> This document was originally adapted from the Bonsai
installation instructions by Terry Weissman
&#60;terry@mozilla.org&#62;.
</P
><P
> The February 25, 1999 re-write of this page was done by Ry4an
Brase &#60;ry4an@ry4an.org&#62;, with some edits by Terry
Weissman, Bryce Nesbitt, Martin Pool, &#38; Dan Mosedale (But
don't send bug reports to them; report them using bugzilla, at <A
HREF="http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla"
TARGET="_top"
>http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla</A
> ).
</P
><P
> This document was heavily modified again Wednesday, March 07
2001 to reflect changes for Bugzilla 2.12 release by Matthew
P. Barnson. The securing MySQL section should be changed to
become standard procedure for Bugzilla installations.
</P
><P
> Finally, the README in its entirety was marked up in SGML and
included into the Guide on April 24, 2001 by Matt Barnson.
Since that time, it's undergone extensive modification as
Bugzilla grew.
</P
><P
> Comments from people using this Guide for the first time are
particularly welcome.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="bsdinstall.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="win32.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>BSD Installation Notes</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="installation.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Win32 Installation Notes</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink