Changes between Version 2 and Version 3 of Apache2.4.x
Timestamp: Oct 23, 2017, 2:56:09 AM
Apache2.4.x
v2 v3 14 14 15 15 * '''apache2''': Apache HTTP Server v2.4.x. This is the current, recommended port to use, and will install if you simply type: 16 {{{ 17 $ sudo port install apache2 18 }}} 16 17 '''$ sudo port install apache2''' 18 19 19 Apache2-2.4.x has a different directory layout from apache2, so none of the other ports that use apache2 can use apache2.4-.x without modifications. 20 20 … … 66 66 It is not turned on, or configured, in a default High Sierra installation. 67 67 68 {{{ 69 $ sudo apachectl stop 70 }}} 68 '''$ sudo apachectl stop''' 69 71 70 === OS X Server === 72 71 Launch Server Manager and turn off the web server. … … 74 73 = Step 2: '''Install Apache''' = #apache 75 74 76 {{{ 77 $ sudo port install apache2 78 }}} 75 '''$ sudo port install apache2''' 79 76 80 77 A sample configuration file is provided in '''''/opt/local/etc/apache2/httpd.conf.orig'''''. … … 88 85 = Step 3: '''Verify your config file''' = 89 86 Verify any changes you have made to the config file: /opt/local/etc/apache2/httpd.conf 90 {{{ 91 $ /opt/local/sbin/apachectl -t 92 }}} 87 88 '''$ /opt/local/sbin/apachectl -t''' 89 93 90 This will return either "Syntax OK" or a specific line by line error listing. Note that this check is strictly a syntax check. 94 91 Logic is not verified. … … 100 97 Activate your Apache installation so that it starts now and every time you boot your machine: 101 98 102 {{{ 103 $ sudo port load apache2 104 }}} 99 '''$ sudo port load apache2''' 105 100 106 101 If when you issue this command, you immediately receive the message: … … 110 105 This means that the Launch Daemon believes that it has successfully started Apache. 
You probably did not shut it down in step 1 above: 111 106 112 {{{ 113 $ sudo port unload apache2 114 }}} 107 '''$ sudo port unload apache2''' 115 108 116 109 to stop apache (even though it is not running) and then start it using 117 110 118 {{{ 119 $ sudo port load apache2 120 }}} 111 '''$ sudo port load apache2''' 121 112 122 113 to start it again. 123 114 124 * type localhost in the address bar, and press enter. You should see '''It Works! ''' displayed in the browser window.115 * type 'localhost' in the address bar of Safari, and press enter. You should see '''It Works! ''' displayed in the browser window. 125 116 126 117 If the web server is NOT running at this point, a configuration error is your most likely problem. … … 129 120 130 121 After correcting any config errors and saving the updated config file, again run: 131 {{{ 132 $ sudo port unload apache2 133 $ sudo port load apache2 134 }}} 122 123 '''$ sudo port unload apache2'''\\ 124 '''$ sudo port load apache2''' 135 125 136 126 The default log file location is: `opt/local/var/log/apache2/'` The shutdown and startup attempt will be logged in "'''error_log'''" … … 141 131 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 142 132 143 {{{ 144 $ /opt/local/sbin/apachectl -t 145 $ sudo port unload apache2 146 $ sudo port load apache2 147 }}} 133 '''$ /opt/local/sbin/apachectl -t'''\\ 134 '''$ sudo port unload apache2'''\\ 135 '''$ sudo port load apache2'''\\ 136 148 137 In Apache documentation (including this page), you will see the use of "''apachectl -k restart''" described as the method to cause the config file to be re-read. 149 138 … … 155 144 If the sever name is not set properly in the configuration file, `/opt/local/etc/apache2/httpd.conf`, you will encounter the warning below. 
156 145 157 {{{ 158 httpd: Could not reliably determine the server's fully qualified domain name, using <Computer-Name>.local for ServerName 159 }}} 146 '''''httpd: Could not reliably determine the server's fully qualified domain name, using <Computer-Name>.local for ServerName''''' 160 147 161 148 Where `<Computer-Name>` refers to the name of your computer as specified in the System Preferences Sharing pane. To resolve the warning, edit the configuration file and set the server name appropriately. For personal use, `localhost` is sufficient. 162 149 163 {{{ 164 ServerName localhost:80 165 }}} 150 '''''ServerName localhost:80''''' 166 151 167 152 To verify Apache is now running, point your browser to http://localhost/ (you may need to reload the page). You should see a page that says '''It works! ''' … … 171 156 === User directories === #userdir 172 157 173 If you would like to be able to access web pages in the Sites directory of your home directory, edit `/opt/local/etc/apache2/httpd.conf` and locate the following line: 174 175 {{{ 158 If you would like to be able to access web pages in the 'Sites' directory of your users' home directories, edit `/opt/local/etc/apache2/httpd.conf` and locate the following lines: 159 160 {{{ 161 #LoadModule userdir_module lib/apache2/modules/mod_userdir.so 162 #LoadModule socache_shmcb_module lib/apache2/modules/mod_socache_shmcb.so 176 163 #Include conf/extra/httpd-userdir.conf 177 164 }}} 178 165 179 Uncomment it by removing the "`#`" at the start of the line so that it reads: 180 181 {{{ 182 Include conf/extra/httpd-userdir.conf 183 }}} 184 This file: ''"/opt/local/etc/apache2/extra/httpd-userdir.conf"'' will activate the "Sites" sub-directory for all ~users on your system. (''"/Users/*/Sites"'') and contains initial, basic restrictions for access to the contents of that directory. 
185 186 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 187 188 {{{ 189 $ /opt/local/sbin/apachectl -t 190 $ sudo port unload apache2 191 $ sudo port load apache2 192 }}} 166 Uncomment them by removing the "`#`" at the start of the line so that it reads: 167 168 '''Include conf/extra/httpd-userdir.conf'''\\ 169 '''LoadModule userdir_module lib/apache2/modules/mod_userdir.so'''\\ 170 '''LoadModule socache_shmcb_module lib/apache2/modules/mod_socache_shmcb.so'''\\ 171 172 Then copy the file '''/opt/local/etc/apache2/extras/httpd-userdir.conf.orig''' to '''/opt/local/etc/apache2/extras/httpd-userdir.conf''' 173 174 '''$ cd /opt/local/etc/apache2/extras/''' 175 '''$ sudo cp httpd-manual.conf.orig httpd-userdir.conf''' 176 '''$ sudo chmod og+r httpd-userdir.conf''' 177 178 In its default state, '''httpd-userdir.conf''' permits access to all users '''public_html''' directory.\ 179 To enable a users '''Sites''' directory, change both occurrences of "public_html" to '''Sites''' 180 181 This file: ''"/opt/local/etc/apache2/extra/httpd-userdir.conf"'' will then activate the "Sites" sub-directory for all users on your system. (''"/Users/*/Sites"'') and contains initial, basic restrictions for access to the contents of that directory. 182 183 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 184 185 '''$ /opt/local/sbin/apachectl -t'''\\ 186 '''$ sudo port unload apache2'''\\ 187 '''$ sudo port load apache2'''\\ 193 188 194 189 You can then view your personal pages by accessing http://localhost/~username/, where "username" is your Mac OS X account's short name. 
190 '''Note:''' On a clean install of High Sierra, users will need to create their own Sites directory 195 191 196 192 === Local Apache manual === #manual … … 205 201 So that it reads like this: 206 202 207 {{{ 208 Include conf/extra/httpd-manual.conf 209 }}} 203 ''I'nclude conf/extra/httpd-manual.conf''' 210 204 211 205 Then copy the file '''/opt/local/etc/apache2/extras/httpd-manual.conf.orig''' to ''/opt/local/etc/apache2/extras/httpd-manual.conf'' 212 {{{ 213 $ cd /opt/local/etc/apache2/extras/ 214 $ sudo cp httpd-manual.conf.orig httpd-manual.conf 215 $ sudo chmod og+r httpd-manual.conf 216 }}} 217 218 At this point: 206 207 '''$ cd /opt/local/etc/apache2/extras/'''\\ 208 '''$ sudo cp httpd-manual.conf.orig httpd-manual.conf'''\\ 209 '''$ sudo chmod og+r httpd-manual.conf'''\\ 210 211 At this point a syntax check: 219 212 $ /opt/local/sbin/apachectl -t 220 213 will return the error: … … 229 222 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 230 223 231 {{{ 232 $ /opt/local/sbin/apachectl -t 233 $ sudo port unload apache2 234 $ sudo port load apache2 235 }}} 224 '''$ /opt/local/sbin/apachectl -t'''\\ 225 '''$ sudo port unload apache2'''\\ 226 '''$ sudo port load apache2'''\\ 236 227 237 228 You can then view the manual by accessing http://localhost/manual/. 238 229 239 = Not yet updated below here240 230 = ''' Apache SSL/TLS Encryption (aks Secure Sockets or https)''' = #ssl 241 231 '''Note:''' Establishing Secure Sockets is a fairly extensive process. One should first read the current Apache2 documentation found in the Apache2 manual: 242 232 {{{ 243 http://httpd.apache.org/docs/2. 
2/ssl/244 }}} 245 === = Generate a self-signed certificate ====233 http://httpd.apache.org/docs/2.4/ssl/ 234 }}} 235 === Generate a self-signed certificate === 246 236 The following instructions are to generate a "self-signed" certificate.\\ 247 237 This is simply a shortcut for testing purposes (a self-signed certificate is not recommended for production!).\\ … … 258 248 Enter pass phrase for server.key: 259 249 Verifying - Enter pass phrase for server.key: 260 261 250 262 251 $ sudo openssl req -new -key server.key -out server.csr … … 301 290 writing RSA key 302 291 303 $ sudo cp server.crt /opt/local/apache2/conf/ 304 $ sudo cp server.key /opt/local/apache2/conf/ 305 }}} 306 '''Note:''' Certificate generation can be accomplished in any directory. If you did so in ''"/opt/local/apache2/conf"'' the last two copy commands are redundant, and will generate the following errors respectively: 307 {{{ 308 cp: /opt/local/apache2/conf/server.crt and server.crt are identical (not copied). 309 cp: /opt/local/apache2/conf/server.key and server.key are identical (not copied). 310 }}} 311 312 Then enable the following in {{{/opt/local/apache2/conf/httpd.conf}}} 313 314 {{{ 315 LoadModule ssl_module modules/mod_ssl.so 316 317 # Secure (SSL/TLS) connections 318 Include conf/extra/httpd-ssl.conf 319 }}} 320 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 321 {{{ 322 $ /opt/local/apache2/bin/apachectl -t 323 $ sudo port unload apache2 324 $ sudo port load apache2 325 }}} 292 $ sudo cp server.crt /opt/local/etc/apache2/ 293 $ sudo cp server.key /opt/local/etc/apache2/ 294 }}} 295 '''Note:''' Certificate generation can be accomplished in any directory. 
If you did so in ''"/opt/local/etc/apache2/"'' the last two copy commands are redundant, and will generate the following errors respectively: 296 {{{ 297 cp: /opt/local/etc/apache2/server.crt and server.crt are identical (not copied). 298 cp: /opt/local/etc/apache2//server.key and server.key are identical (not copied). 299 }}} 300 301 === Activate SSL === 302 Enable (uncomment) the following in {{{/opt/local/etc/apache2/httpd.conf}}} 303 304 '''LoadModule ssl_module modules/mod_ssl.so''' 305 306 # Secure (SSL/TLS) connections\\ 307 '''Include conf/extra/httpd-ssl.conf''' 308 309 Then copy the file '''/opt/local/etc/apache2/extras/httpd-ssl.conf.orig''' to ''/opt/local/etc/apache2/extras/httpd-ssl.conf'' 310 {{{ 311 $ cd /opt/local/etc/apache2/extras/ 312 $ sudo cp httpd-ssl.conf.orig httpd-ssl.conf 313 $ sudo chmod og+r httpd-ssl.conf 314 }}} 315 316 A syntax check at this point will yield: 317 {{{ 318 /opt/local/sbin/apachectl -t 319 AH00526: Syntax error on line 92 of /opt/local/etc/apache2/extra/httpd-ssl.conf: 320 SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?). 321 }}} 322 323 Then enable (uncomment) the following in {{{/opt/local/etc/apache2/httpd.conf}}} 324 325 '''LoadModule authn_socache_module lib/apache2/modules/mod_authn_socache.so''' 326 327 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 
328 329 '''$ /opt/local/sbin/apachectl -t'''\\ 330 '''$ sudo port unload apache2'''\\ 331 '''$ sudo port load apache2'''\\ 326 332 327 333 The most likely error you will receive is: 328 334 {{{ 329 Syntax error on line 120 of /opt/local/ apache2/conf/extra/httpd-ssl.conf:330 SSLCertificateFile: file '/opt/local/ apache2/conf/server.crt' does not exist or is empty335 Syntax error on line 120 of /opt/local/etc/apache2/extra/httpd-ssl.conf: 336 SSLCertificateFile: file '/opt/local/etc/apache2/server.crt' does not exist or is empty 331 337 }}} 332 338 If so, simply revisit the instructions above to create a self-signed certificate. 333 339 334 === = Verify your success ====340 === Verify your success === 335 341 336 342 type ''"https://<your server address>"'' in Safari. \\ … … 338 344 At which point you can view the details of your certificate and select your appropriate actions. 339 345 340 === = Configure your "Virtual Host" ====346 === Configure your "Virtual Host" === 341 347 While you have verified your certificate, you will discover that you have no access to your server - ''"You don't have permission to access.... on this server."''\\ 342 This is because the SSL Virtual Host has not been configured in ''"/opt/local/ apache2/conf/extra/httpd-ssl.conf"''343 344 Edit ''"/opt/local/ apache2/conf/conf/extra/httpd-ssl.conf"'' and moved down to the section:348 This is because the SSL Virtual Host has not been configured in ''"/opt/local/etc/apache2/extra/httpd-ssl.conf"'' 349 350 Edit ''"/opt/local/etc/apache2//extra/httpd-ssl.conf"'' and moved down to the section: 345 351 {{{ 346 352 # General setup for the virtual host 347 DocumentRoot "/opt/local/ apache2/htdocs"348 ServerName www. 
example.com:443349 ServerAdmin you@example.com350 ErrorLog "/opt/local/ apache2/logs/error_log"351 TransferLog "/opt/local/ apache2/logs/access_log"353 DocumentRoot "/opt/local/www/apache2/html" 354 ServerName www.mcgillsociety.org:443 355 ServerAdmin magill@icloud.com 356 ErrorLog "/opt/local/var/log/apache2/error_log" 357 TransferLog "/opt/local/var/log/apache2/access_log" 352 358 }}} 353 359 Configure this section appropriately. \\ … … 355 361 As there are many optional ways of configuring security on your web server, consult the Apache2 manual for details. 356 362 {{{ 357 http://httpd.apache.org/docs/2. 2/ssl/358 }}} 359 360 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 361 {{{ 362 $ /opt/local/apache2/bin/apachectl -t 363 $ sudo port unload apache2 364 $ sudo port load apache2 365 }}} 363 http://httpd.apache.org/docs/2.4/ssl/ 364 }}} 365 366 After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. 367 368 '''$ /opt/local/apache2/bin/apachectl -t'''\\ 369 '''$ sudo port unload apache2'''\\ 370 '''$ sudo port load apache2''' 371 366 372 367 373 [wiki:howto <- Back to the HOWTO section]
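Review bot: Style point, starting with the first hunk (`$ sudo port install apache2`) and repeated through the patch: commands and config lines move out of `{{{ }}}` preformatted blocks into bold text joined with `\\`, and the change is applied unevenly, since the `httpd-ssl.conf` copy commands and the error listings stay in `{{{ }}}`. In the Activate SSL hunk this leaves `# Secure (SSL/TLS) connections\\` as loose body text. Suggest keeping every command and config line in `{{{ }}}` so it renders verbatim and can be copied without picking up markup.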
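Review bot: In the User directories hunk the added copy command uses the wrong source file: `sudo cp httpd-manual.conf.orig httpd-userdir.conf` copies the manual template, while the sentence directly above it says to copy `httpd-userdir.conf.orig`. Following the step as written would leave the userdir include pointing at manual configuration, so the `public_html` to `Sites` edit that follows has nothing to act on. Suggest `sudo cp httpd-userdir.conf.orig httpd-userdir.conf`. The same added lines use the directory `extras/` while the `Include conf/extra/httpd-userdir.conf` line and the following paragraph use `extra/`; one of the two spellings is wrong and should be made consistent. The first two added command lines are also missing the `\\` breaks that the third block uses, and "so that it reads" should become "so that they read" now that three lines are uncommented.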
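Review bot: Markup typo in the Local Apache manual hunk: the added line `''I'nclude conf/extra/httpd-manual.conf'''` has its quote marks misplaced, so it will render with a stray apostrophe inside the directive. It should read `'''Include conf/extra/httpd-manual.conf'''`, or better, stay in the `{{{ }}}` block it replaced. The sentence after it also mixes `'''` and `''` around the two file paths and uses `extras/` where the Include line says `extra/`.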
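Review bot: In the certificate hunk, `sudo cp server.key /opt/local/etc/apache2/` places the private key in the config directory, and the visible lines show no step that restricts read access to it, although the preceding output `writing RSA key` indicates the key is written without a pass phrase. Suggest adding an explicit ownership and mode step for `server.key` (readable by root only) right after the copy, and saying so in the Note. Minor: the second sample error line has a doubled slash, `/opt/local/etc/apache2//server.key`.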
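Review bot: In the Activate SSL hunk the fix does not match the error it follows. The quoted AH00526 message says the `shmcb` session cache is unsupported and names `mod_socache_shmcb`, but the next step tells the reader to uncomment `LoadModule authn_socache_module lib/apache2/modules/mod_authn_socache.so`, which is a different module. The User directories section of this same revision already lists `LoadModule socache_shmcb_module lib/apache2/modules/mod_socache_shmcb.so`; that is the line the SSL step should reference. Also, `LoadModule ssl_module modules/mod_ssl.so` uses a `modules/` path while every other LoadModule line added in this revision uses `lib/apache2/modules/`; please check it against the shipped `httpd.conf`.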
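Review bot: In the Configure your "Virtual Host" hunk the sample block replaces the `www.example.com:443` and `you@example.com` placeholders with what look like a real domain and a personal mail address (`ServerName www.mcgillsociety.org:443`, `ServerAdmin magill@icloud.com`). Readers will paste this block, so the reserved example.com values should stay and only the paths should change. The edited path `/opt/local/etc/apache2//extra/httpd-ssl.conf` has a doubled slash. In the final hunk the syntax check still reads `/opt/local/apache2/bin/apachectl -t`, while every other occurrence in this revision was updated to `/opt/local/sbin/apachectl -t`; with the "Not yet updated below here" marker removed by this patch, that leftover path should be corrected too.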