3.5.2. Apache on Windows

Bugzilla supports all versions of Apache 2.2.x and 2.4.x.

3.5.2.1. Installing

Download the Apache HTTP Server as a .zip archive either from the Apache Lounge website or from the Apache Haus website.

Unzip the archive into C:\Apache24. If you move it elsewhere, then you must edit several variables in httpd.conf, including ServerRoot and DocumentRoot.

You must now edit the Apache configuration file C:\Apache24\conf\httpd.conf and do the following steps:

  1. Uncomment LoadModule cgi_module modules/mod_cgi.so at the beginning of the file to enable CGI support.
  2. Uncomment AddHandler cgi-script .cgi to register .cgi files as CGI scripts. For this handler to work, you must create a key in the Windows registry named HKEY_CLASSES_ROOT\.cgi\Shell\ExecCGI\Command with the default value pointing to the full path of perl.exe with a -T parameter. For example C:\Perl\bin\perl.exe -T if you use ActivePerl, or C:\Strawberry\perl\bin\perl.exe -T if you use Strawberry Perl.
  3. Add an Alias and a Directory for Bugzilla:
Alias "/bugzilla/" "C:/bugzilla/"
<Directory "C:/bugzilla">
    ScriptInterpreterSource Registry-Strict
    Options +ExecCGI +FollowSymLinks
    DirectoryIndex index.cgi index.html
    AllowOverride All
    Require all granted
</Directory>

Warning

The above block takes a simple approach to access control and is correct for Apache 2.4. For Apache 2.2, replace Require all granted with Allow from all. If you have other access control requirements, you may need to make further modifications.

You now save your changes and start Apache as a service. From the Windows command line (cmd.exe):

C:\Apache24\bin>httpd.exe -k install

That's it! Bugzilla is now accessible from http://localhost/bugzilla.

3.5.2.2. Apache Account Permissions

By default Apache installs itself to run as the SYSTEM account. For security reasons it's better the reconfigure the service to run as an Apache user. Create a new Windows user that is a member of no groups, and reconfigure the Apache2 service to run as that account.

Whichever account you are running Apache as, SYSTEM or otherwise, needs write and modify access to the following directories and all their subdirectories. Depending on your version of Windows, this access may already be granted.

  • C:\Bugzilla\data
  • C:\Apache24\logs
  • C:\Windows\Temp

Note that C:\Bugzilla\data is created the first time you run checksetup.pl.

3.5.2.3. Logging

Unless you want to keep statistics on how many hits your Bugzilla install is getting, it's a good idea to disable logging by commenting out the CustomLog directive in the Apache config file.

If you don't disable logging, you should at least disable logging of "query strings". When external systems interact with Bugzilla via webservices (REST/XMLRPC/JSONRPC) they include the user's credentials as part of the URL (in the query string). Therefore, to avoid storing passwords in clear text on the server we recommend configuring Apache to not include the query string in its log files.

  1. Find the following line in the Apache config file, which defines the logging format for vhost_combined:

    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    
  2. Replace %r with %m %U.

(If you have configured Apache differently, a different log line might apply. Adjust these instructions accordingly.)

3.5.2.4. Using Apache with SSL

If you want to enable SSL with Apache, i.e. access Bugzilla from https://localhost/bugzilla, you need to do some extra steps:

  1. Edit C:\Apache24\conf\httpd.conf and uncomment these lines:

    • LoadModule ssl_module modules/mod_ssl.so
    • LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    • Include conf/extra/httpd-ssl.conf
  2. Create your .key and .crt files using openssl.exe provided with Apache:

    C:\Apache24\bin>openssl.exe req -x509 -nodes -days 730 -newkey rsa:2048 -keyout server.key -out server.crt

    openssl.exe will ask you a few questions about your location and your company name to populate fields of the certificate.

  3. Once the key and the certificate for your server are generated, move them into C:\Apache24\conf so that their location matches the SSLCertificateFile and SSLCertificateKeyFile variables defined in C:\Apache24\conf\extra\httpd-ssl.conf (which you don't need to edit).

Note

This process leads to a self-signed certificate which will generate browser warnings on first visit. If your Bugzilla has a public DNS name, you can get a cert from a CA which will not have this problem.

3.5.2.5. Restart Apache

Finally, restart Apache to pick up the changes, either from the Services console or from the command line:

C:\Apache24\bin>httpd.exe -k restart