Broken GLPI install after update

BW~Merlin · 2023-12-19 08:10:57

I am trying to upgrade our GLPI install to the latest GLPI version (10.0.11) and I have tried to follow the recommendations around "Safe configuration of web root directory" and "Safe path for data directories" and have ended up breaking things really badly.

Following the documentation about updating the Apache virtual host configuration (/etc/apache2/sites-available/glpi.config in my case) to look like the example provided (my GLPI install directory is /var/www/html/glpi/)

<VirtualHost *:80>
    ServerName glpi.localhost

    DocumentRoot /var/www/html/glpi/public

    # If you want to place GLPI in a subfolder of your site (e.g. your virtual host is serving multiple applications),
    # you can use an Alias directive. If you do this, the DocumentRoot directive MUST NOT target the GLPI directory itself.
    # Alias "/glpi" "/var/www/glpi/public"

    <Directory /var/www/html/glpi/public>
        Require all granted

        RewriteEngine On

        # Redirect all requests to GLPI router, unless file exists.
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php [QSA,L]
    </Directory>
</VirtualHost>

.

As well as moving the contents of /var/www/html/glpi/config to /etc/glpi
/var/www/html/glpi/files to /var/lib/glpi
creating /var/log/glpi and creating inc/downstream.php (this file did NOT exist despite the documentation saying so) then running
sudo chmod 775 -Rf /etc/glpi/
sudo chown -R www-data:www-data /etc/glpi/
sudo chmod 775 -Rf /var/lib/glpi/
sudo chown -R www-data:www-data /var/lib/glpi/
to grant read and write access to the files and config directories.

When I run http://<IP_Address>/glpi/index.php to finish the install I get a lot of errors.

Permissions for GLPI data directories
Write access to /var/www/html/glpi/files/_cache has been validated.
The directory could not be created in /var/www/html/glpi/files/_cron.
Write access to /var/www/html/glpi/files has been validated.
The directory could not be created in /var/www/html/glpi/files/_dumps.
The directory could not be created in /var/www/html/glpi/files/_graphs.
The directory could not be created in /var/www/html/glpi/files/_lock.
The directory could not be created in /var/www/html/glpi/files/_pictures.
The directory could not be created in /var/www/html/glpi/files/_plugins.
The directory could not be created in /var/www/html/glpi/files/_rss.
The directory could not be created in /var/www/html/glpi/files/_sessions.
The directory could not be created in /var/www/html/glpi/files/_tmp.
The directory could not be created in /var/www/html/glpi/files/_uploads.

Safe configuration of web root directory
Web server root directory should be `/var/www/html/glpi/public` to ensure non-public files cannot be accessed.
Web server root directory configuration is not safe as it permits access to non-public files. See installation documentation for more details.

Safe path for data directories
GLPI data directories should be placed outside web root directory. It can be achieved by redefining corresponding constants. See installation documentation for more details.
The following directories do not exist and cannot be tested:
‣ "/var/www/html/glpi/files/_cron" ("GLPI_CRON_DIR")
‣ "/var/www/html/glpi/files/_dumps" ("GLPI_DUMP_DIR")
‣ "/var/www/html/glpi/files/_graphs" ("GLPI_GRAPH_DIR")
‣ "/var/www/html/glpi/files/_lock" ("GLPI_LOCK_DIR")
‣ "/var/www/html/glpi/files/_pictures" ("GLPI_PICTURE_DIR")
‣ "/var/www/html/glpi/files/_plugins" ("GLPI_PLUGIN_DOC_DIR")
‣ "/var/www/html/glpi/files/_rss" ("GLPI_RSS_DIR")
‣ "/var/www/html/glpi/files/_sessions" ("GLPI_SESSION_DIR")
‣ "/var/www/html/glpi/files/_tmp" ("GLPI_TMP_DIR")
‣ "/var/www/html/glpi/files/_uploads" ("GLPI_UPLOAD_DIR")
The following directories should be placed outside "/var/www/html/glpi":
‣ "/var/www/html/glpi/files" ("GLPI_VAR_DIR")
You can ignore this suggestion if your web server root directory is "/var/www/html/glpi/public".

Security configuration for sessions
Ensure security is enforced on session cookies.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.

Can someone help me by giving me baby steps on how to fix this?

cconard96 · 2023-12-19 15:25:50

Was your Apache site enabled? "sudo a2ensite glpi". Also, make sure you restart Apache after making the changes to the VHost/enabling the site.

None of the PHP files used to override the built-in constants are provided in the standard GLPI release archive. "inc/downstream.php" is typically added by packages (versions of GLPI built for and distributed through package managers).

"As well as moving the contents of /var/www/html/glpi/config to /etc/glpi
/var/www/html/glpi/files to /var/lib/glpi"

What did you put in the downstream.php file? It should look like this according to how you wanted to move your files:
<?php
define('GLPI_CONFIG_DIR', '/etc/glpi/');

if (file_exists(GLPI_CONFIG_DIR . '/local_define.php')) {
require_once GLPI_CONFIG_DIR . '/local_define.php';
}

Then, there should be a "/etc/glpi/local_define.php" file with:
<?php
define('GLPI_VAR_DIR', '/var/lib/glpi');
define('GLPI_LOG_DIR', '/var/log/glpi');

Also, make sure that you don't already have a local_define.php file in /var/www/html/glpi/config as that file would be loaded first and prevent the other ones from overriding anything it defines.

BW~Merlin · 2023-12-20 06:05:10

cconard96 wrote:

Was your Apache site enabled? "sudo a2ensite glpi". Also, make sure you restart Apache after making the changes to the VHost/enabling the site.

Yes

Site glpi already enabled

is the output from

sudo a2ensite glpi

and I have restarted Apache several times.

cconard96 wrote:

What did you put in the downstream.php file? It should look like this according to how you wanted to move your files:
<?php
define('GLPI_CONFIG_DIR', '/etc/glpi/');
if (file_exists(GLPI_CONFIG_DIR . '/local_define.php')) {
require_once GLPI_CONFIG_DIR . '/local_define.php';
}

This is what is in my downstream.php file

<?php
define('GLPI_CONFIG_DIR', '/etc/glpi/');

if (file_exists(GLPI_CONFIG_DIR . '/local_define.php')) {
   require_once GLPI_CONFIG_DIR . '/local_define.php';
}

cconard96 wrote:

Then, there should be a "/etc/glpi/local_define.php" file with:
<?php
define('GLPI_VAR_DIR', '/var/lib/glpi');
define('GLPI_LOG_DIR', '/var/log/glpi');

This file did not exist so I have created it.

cconard96 wrote:

Also, make sure that you don't already have a local_define.php file in /var/www/html/glpi/config as that file would be loaded first and prevent the other ones from overriding anything it defines.

This directory doesn't exist at all as it was moved to

/etc/glpi

per the install documentation.

After doing the above (and this video youtube.com/watch?v=g7slFRnUN-Y) the number of errors has reduced down to the following.

Safe configuration of web root directory
Web server root directory should be `/var/www/html/glpi/public` to ensure non-public files cannot be accessed.
Web server root directory configuration is not safe as it permits access to non-public files. See installation documentation for more details.

cconard96 · 2023-12-21 02:39:57

In your Apache config, you set the ServerName to "glpi.localhost" but you said you were connecting by IP. I'm thinking this is causing Apache to pick the default or some other config to apply for the connection.
If you can configure the vhost with a correct ServerName that you can connect with through the web, it may resolve the issue.
For me, with only a local development instance, "glpi.localhost" is sufficient. For a public GLPI, I would replace "localhost" with the DNS name of the server.
If you can't/don't want to assign a DNS name but your server has multiple IPs, you can do VHost matching based on the IP you try to access the site through.
https://httpd.apache.org/docs/2.4/vhosts/ip-based.html
https://httpd.apache.org/docs/2.4/vhost … based.html

Forum GLPI-Project

Announcement

#1 2023-12-19 08:10:57

Broken GLPI install after update

#2 2023-12-19 15:25:50

Re: Broken GLPI install after update

#3 2023-12-20 06:05:10

Re: Broken GLPI install after update

#4 2023-12-21 02:39:57

Re: Broken GLPI install after update

Board footer