[[PageOutline]] [wiki:howto <- Back to the HOWTO section] = About Apache = #about The Apache HTTP Server, commonly referred to as Apache, is the world's most-popular web server. For information on integrating Apache with MySQL and PHP, see [wiki:howto/MAMP MAMP]. = Versions = #versions MacPorts includes the following versions of Apache: * '''apache2''': Apache HTTP Server v2.4.x. This is the recommended port to use. * '''apache20''': Apache HTTP Server v2.0.x. This is port is soon to be retired. * '''apache22''': Apache HTTP Server v2.2.x. This is the former '''apache2''' port. It will be maintained as long as as it is supported by Apache.org. * '''apache24-devel''': Apache HTTP Server v2.4.x. The apache24-devel port has been retired. * '''apache''': Apache HTTP Server v1.3.x. The apache port has been retired. This page shows how to install and use the apache2 port. The instructions cannot be easily adapted to the other ports. == October 2017 - Apache 2.4.x == In October of 2017 Apache 2.2.x was upgraded to Apache 2.4.x. This involved a significant set of changes as listed in the Notes of the portfile: Apache2 has been migrated from the 2.2.x to the 2.4.x branch. The install paths have been changed to no longer violate the MacPorts mtree: 1. The binaries are now under /opt/local/sbin/ (rather than under /opt/local/apache2/bin/) 2. The configure files are now under /opt/local/etc/apache2/ (rather than under /opt/local/apache2/conf/) 3. The modules are now under /opt/local/lib/apache2/modules/ (rather than under /opt/local/apache2/modules/) 4. The web root is now located under /opt/local/www/apache2/html/ (rather than under /opt/local/apache2/htdocs/) 5. The cgi-bin is now located under /opt/local/www/apache2/cgi-bin/ (rather than under /opt/local/apache2/cgi-bin/) 6. The logs are now located under /opt/local/var/log/apache2/ (rather than under /opt/local/apache2/logs/) 7. The manual is now located under /opt/local/www/apache2/manual/ (rather than under /opt/local/apache2/manual/) 8. The manual (man) pages are still at /opt/local/share/apache2/man/ You can move your htdocs and cgi-bin to the new locations, or edit /opt/local/etc/apache2/httpd.conf to point at the old locations. If upgrading from the old apache2 (2.2.x), please also consult https://httpd.apache.org/docs/2.4/upgrading.html = Step 1: '''Turn off Apple's "Personal Web Sharing"''' = #pws If you haven’t already done so, make sure you turn off Apple’s "Personal Web Sharing" so that the default Apache server is not running. While you can set things up so that both servers run on different ports (e.g., port 80 and port 8080), it’s not worth the hassle of maintaining two web server daemons. Just use the latest Apache from MacPorts and be done with it. === OS X 10.8 Mountain Lion and earlier === Turn off Personal Web Sharing in the Sharing pane of System Preferences. === OS X 10.9 Mavericks === Stop the web server from the command line: {{{ $ sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist }}} === OS X 10.10 Yosemite and later === Yosemite no longer has Personal Web Sharing as an option. Although the Apache 2 web server is still supplied by Apple as part of the Yosemite distribution, there is no "easy" way to turn it on (or off). So, if you managed to turn it on, you already know how to turn it off! === OS X Server === Launch Server Manager and turn off the web server. = Step 2: Install Apache = #apache {{{ $ sudo port install apache2 }}} A sample configuration file is provided in `/opt/local/etc/apache2/original/httpd.conf`. Don't edit this file; leave it as is so you can refer to the defaults later. The first time you install apache2, the sample configuration file will be copied to `/opt/local/etc/apache2/httpd.conf` for you. You can edit this file as desired. When you later upgrade apache2 to a newer version, MacPorts will upgrade the sample configuration file but will not modify your `httpd.conf`, so be sure to manually compare your `httpd.conf` with the new sample configuration file and bring over any relevant changes. You should also keep backup copies of your `httpd.conf` in a safe place. = Step 3: Verify your config file = Verify any changes you have made to the config file: /opt/local/etc/apache2/httpd.conf {{{ $ /opt/local/sbin/apachectl -t }}} This will return either "Syntax OK" or a specific line by line error listing. = Step 4: Activate Apache2 = Activate your Apache installation so that it starts now and every time you boot your machine: {{{ $ sudo port load apache2 }}} If when you issue this command, you immediately receive the message: /opt/local/etc/LaunchDaemons/org.macports.apache2/org.macports.apache2.plist: Operation already in progress This means that the Launch Daemon believes that it successfully started Apache. At this point, a configuration error is your most likely problem. Verify your config file as above. After correcting any config errors and saving the updated config file, simply run: {{{ $ sudo port unload apache2 }}} to stop apache (even though it is not running) and then start it using {{{ $ sudo port load apache2 }}} to start it again. The default log file location is: '''/opt/local/var/log/apache2/'''. The startup will be logged in "'''error_log'''" = Step 5: Initial changes to the config file = Once you have determined that your basic installation is working, you need to consider making some initial changes to your config file. After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. {{{ $ /opt/local/sbin/apachectl -t $ sudo port unload apache2 $ sudo port load apache2 }}} In Apache documentation (including this page), you will see the use of "''apachectl -k restart''" described as the method to cause the config file to be re-read. However under OSX, the purpose of ''launchd'' is to notice processes that stop without its knowledge, and to restart them. So if you use ''apachectl -k restart'', launchd may notice apache "crashing" and restart it itself, confusing apachectl. Instead, you shoulduse "port" to tell launchctl to unload apache2, then load it again. This will result in a short interruption of service. If the sever name is not set properly in the configuration file, `/opt/local/etc/apache2/httpd.conf`, you will encounter the warning below. {{{ httpd: Could not reliably determine the server's fully qualified domain name, using .local for ServerName }}} Where `` refers to the name of your computer as specified in the System Preferences Sharing pane. To resolve the warning, edit the configuration file and set the server name appropriately. For personal use, `localhost` is sufficient. {{{ ServerName localhost:80 }}} To verify Apache is now running, point your browser to http://localhost/ (you may need to reload the page). You should see a page that says "It works!" If desired, reboot your machine and point your browser again to http://localhost/ to confirm that Apache is again running. '''NOTE:''' The setting of "ServerName" to anything other than the '''Fully Qualified Domain Name''' (FQDN) of the server under Apache 2.2.x and Yosemite, does not produce the expected results. Using the links above to "localhost" will fail with Safari complaining "''Failed to open page. Safari can't open the page "localhost" because Safari can't connect to the server "localhost".'' The simple answer is "localhost" is an "old-tyme" shortcut which should still work, but often does not for many different reasons. The "Fix" is to simply use the FQDN of your server when testing Apache or related Web services. === User directories === #userdir First, install the {{{httpd-userdir.conf}}} file: {{{ sudo cp /opt/local/etc/apache2/extra/httpd-userdir.conf.orig /opt/local/etc/apache2/extra/httpd-userdir.conf }}} Then, enable the userdir module. Edit `/opt/local/etc/apache2/httpd.conf`, locate the following line {{{ #LoadModule userdir_module lib/apache2/modules/mod_userdir.so }}} Uncomment it if necessary by removing the "`#`" at the start of the line so that it reads: {{{ LoadModule userdir_module lib/apache2/modules/mod_userdir.so }}} If you would like to be able to access web pages in the Sites directory of your home directory, edit `/opt/local/etc/apache2/httpd.conf` and locate the following line: {{{ #Include etc/apache2/extra/httpd-userdir.conf }}} Uncomment it by removing the "`#`" at the start of the line so that it reads: {{{ Include etc/apache2/extra/httpd-userdir.conf }}} This file: ''"/opt/local/etc/apache2/extra/httpd-userdir.conf"'' will activate the "Sites" sub-directory for all ~users on your system. (''"/Users/*/Sites"'') and contains initial, basic restrictions for access to the contents of that directory. After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. {{{ $ /opt/local/sbin/apachectl -t $ sudo port unload apache2 $ sudo port load apache2 }}} You can then view your personal pages by accessing http://localhost/~username/, where "username" is your Mac OS X account's short name. === Local Apache manual === #manual The [http://httpd.apache.org/docs/2.4/ Apache manual] is available on the Apache web site. If you would like to be able to access a copy of this manual on your web server, edit `/opt/local/etc/apache2/httpd.conf` and uncomment the following line: {{{ #Include etc/apache2/extra/httpd-manual.conf }}} So that it reads like this: {{{ Include etc/apache2/extra/httpd-manual.conf }}} Then install the {{{httpd-manual.conf}}} file: {{{ sudo cp /opt/local/etc/apache2/extra/httpd-manual.conf.orig /opt/local/etc/apache2/extra/httpd-manual.conf }}} After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. {{{ $ /opt/local/sbin/apachectl -t $ sudo port unload apache2 $ sudo port load apache2 }}} You can then view the manual by accessing http://localhost/manual/. === Apache SSL/TLS Encryption (aks Secure Sockets or https) === #ssl '''Note:''' Establishing Secure Sockets is a fairly extensive process. One should first read the current Apache2 documentation found in the Apache2 manual: {{{ http://httpd.apache.org/docs/2.4/ssl/ }}} ==== Generate a self-signed certificate ==== The following instructions are to generate a "self-signed" certificate.\\ This is simply a shortcut for testing purposes (a self-signed certificate is not recommended for production!).\\ The complete dialog is listed here for reference. The commands necessary are prefixed as "$ sudo", with comments prefixed with a #.\\ {{{ $ sudo openssl genrsa -des3 -out server.key 1024 # Enter pass phrase for server.key [enter your passphrase, a simple password we will remove soon] Generating RSA private key, 1024 bit long modulus .....++++++ ................++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: $ sudo openssl req -new -key server.key -out server.csr # # [you can accept all the defaults, it does not matter, or customize it to your liking] Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: $ sudo openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt # [will ask for passphrase - the same as you entered in the first step] Signature ok subject=/C=US/ST=Pennsylvania/L=Elizabethtown/O=MVE/OU=Elizabethtown/CN=mcgillsociety.org/emailAddress=magill@icloud.com Getting Private key Enter pass phrase for server.key: $ sudo cp server.key server.key.bak $ sudo openssl rsa -in server.key.bak -out server.key # [will ask for passphrase - the same as you entered in the first step] Enter pass phrase for server.key.bak: writing RSA key $ sudo cp server.crt /opt/local/etc/apache2/ $ sudo cp server.key /opt/local/etc/apache2/ }}} '''Note:''' Certificate generation can be accomplished in any directory. If you did so in ''"/opt/local/etc/apache2"'' the last two copy commands are redundant, and will generate the following errors respectively: {{{ cp: /opt/local/etc/apache2/server.crt and server.crt are identical (not copied). cp: /opt/local/etc/apache2/server.key and server.key are identical (not copied). }}} Then enable the following in {{{/opt/local/etc/apache2/httpd.conf}}} {{{ LoadModule ssl_module modules/mod_ssl.so # Secure (SSL/TLS) connections Include etc/apache2/extra/httpd-ssl.conf }}} After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. {{{ $ /opt/local/sbin/apachectl -t $ sudo port unload apache2 $ sudo port load apache2 }}} The most likely error you will receive is: {{{ Syntax error on line 120 of /opt/local/etc/apache2/extra/httpd-ssl.conf: SSLCertificateFile: file '/opt/local/etc/apache2/server.crt' does not exist or is empty }}} If so, simply revisit the instructions above to create a self-signed certificate. ==== Verify your success ==== type ''"https://"'' in Safari. \\ Safari should return the pop-up: "Safari can't verify the identity of the website "" \\ At which point you can view the details of your certificate and select your appropriate actions. ==== Configure your "Virtual Host" ==== While you have verified your certificate, you will discover that you have no access to your server - ''"You don't have permission to access.... on this server."''\\ This is because the SSL Virtual Host has not been configured in ''"/opt/local/etc/apache2/extra/httpd-ssl.conf"'' Install the {{{httpd-ssl.conf}}} file: {{{ sudo cp /opt/local/etc/apache2/extra/httpd-ssl.conf.orig /opt/local/etc/apache2/extra/httpd-ssl.conf }}} Edit ''"/opt/local/etc/apache2/extra/httpd-ssl.conf"'' and moved down to the section: {{{ # General setup for the virtual host DocumentRoot "/opt/local/www/apache2/html" ServerName www.example.com:443 ServerAdmin you@example.com ErrorLog "/opt/local/var/log/apache2/error_log" TransferLog "/opt/local/var/log/apache2/access_log" }}} Configure this section appropriately. \\ Assuming you wish to implement SSL on your entire server, ''DocumentRoot'' and ''ServerName'' should match the values in ''"/opt/local/apache2/conf/httpd.conf"''\\ As there are many optional ways of configuring security on your web server, consult the Apache2 manual for details: http://httpd.apache.org/docs/2.4/ssl/ After each change to the config file, you should again verify the file syntax, and then you need to stop and restart Apache for the changes to take effect. {{{ $ /opt/local/sbin/apachectl -t $ sudo port unload apache2 $ sudo port load apache2 }}} [wiki:howto <- Back to the HOWTO section]