Web Server (apache) and DNS (bind) setup on a MacMini using Homebrew


Web Server (apache) and DNS (bind) setup on a MacMini using Homebrew S=Setup, O=Operational, T=Test

Online references

In this table are the commands for apache, bind and certbot via brew as in https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions.
The previous Apple server needs to be completely uninstalled and out of the window!

XCODE - command line tools
S install Xcode
S xcode-select --install Apple's command line tools need to be installed

BREW
S ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
T brew --version https://docs.brew.sh/FAQ
O brew update
O brew upgrade to upgrade all installed programs to newest version.
O brew doctor
O sudo chown -R "$USER":admin /usr/local
sudo chown -R "$USER":admin /Library/Caches/Homebrew		 to correct prmissions
S brew install openldap libiconv

APACHE
S sudo apachectl stop
S sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist 2>/dev/null
S brew install httpd
O sudo brew services start httpd
T ps -aef | grep httpd
O sudo brew services restart httpd
T tail -f /usr/local/var/log/httpd/error_log
O sudo apachectl stop
O sudo apachectl -k restart
T apachectl -S to get setup paths
T apachectl configtest test
S bbedit /usr/local/etc/httpd/httpd.conf
S HTTPD edits including vhosts:
  1. Listen 8080 => Listen 80
  2. enable ==> LoadModule deflate_module lib/httpd/modules/mod_deflate.so
  3. enable ==> LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
  4. enable ==> LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
  5. ServerAdmin admin@domain.net
  6. #ServerName www.example.com:8080 ==> ServerName localhost:80
  7. enable ==> Include /usr/local/etc/httpd/extra/httpd-autoindex.conf
  8. enable ==> Include /usr/local/etc/httpd/extra/httpd-vhosts.conf
S vhosts, Include catch directory and for vhosts:

edit: /usr/local/etc/httpd/extra/httpd-vhosts.conf


<VirtualHost *:80>
    DocumentRoot "/usr/local/var/www"
    ServerName catch.delaat.net
</VirtualHost>
<Directory "/usr/local/var/www">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:80>
    DocumentRoot "/Users/delaat/Sites"
    ServerName delaat.net
    ServerAlias alias.delaat.net
</VirtualHost>
<Directory "/Users/delaat/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

DocumentRoot "/usr/local/var/www" ==> DocumentRoot "/Users/delaat/Sites"
Directory "/usr/local/var/www" ==> Directory "/Users/delaat/Sites"

PHP
S brew install php DOES NOT WORK BECAUSE OF mod_mpm_event.so
incompatible cashing regimes!
S To enable PHP in Apache add the following to httpd.conf and restart Apache:
    LoadModule php7_module /usr/local/opt/php/lib/httpd/modules/libphp7.so

    <FilesMatch \.php$>
        SetHandler application/x-httpd-php
    </FilesMatch>

Finally, check DirectoryIndex includes index.php
    DirectoryIndex index.php index.html

The php.ini and php-fpm.ini file can be found in:
    /usr/local/etc/php/7.3/

To have launchd start php now and restart at login:
  brew services start php
Or, if you don't want/need a background service you can just run:
  php-fpm

CERTBOT - Let's Encrypt
S sudo install -d -o $(whoami) -g admin /usr/local/Frameworks
S brew install certbot
S HTTPD edits: Uncomment:
  • LoadModule ssl_module modules/mod_ssl.so
  • LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

add at the end:

<IfModule mod_ssl.c>
   Listen 443
</IfModule>
Include /usr/local/etc/httpd/extra/httpd-vhosts-le-ssl.conf

create if needed httpd-vhosts-le-ssl.conf

<VirtualHost *:443>
    DocumentRoot "/Users/XXXX/Sites"
    ServerName delaat.net
    ServerAlias ipv4.delaat.net ipv6.delaat.net
    ServerAlias www.delaat.net
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/XXXXXXX/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXXXXX/privkey.pem
</VirtualHost>

and in httpd-vhosts.conf e.g.:

<VirtualHost *:80>
    DocumentRoot "/Users/delaat/Sites"
    ServerName delaat.net
    ServerAlias ipv4.delaat.net ipv6.delaat.net
    ServerAlias www.delaat.net
RewriteEngine on
RewriteCond %{SERVER_NAME} =ipv4.delaat.net [OR]
RewriteCond %{SERVER_NAME} =delaat.net [OR]
RewriteCond %{SERVER_NAME} =www.delaat.net [OR]
RewriteCond %{SERVER_NAME} =ipv6.delaat.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
S sudo certbot --apache
or
sudo certbot --apache --staging
and after successful testing:
sudo certbot --apache --force-renewal
O sudo certbot renew --dry-run
O sudo certbot renew for production
O sudo certbot certificates
S /Library/LaunchDaemons/com.certbot.renew.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.certbot.renew</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/certbot</string>
    <string>renew></string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>14</integer>
        <key>Minute</key>
        <integer>56</integer>
    </dict>
    <key>StandardOutPath</key>
    <string>/usr/local/var/log/certbot.renew.log</string>
    <key>StandardErrorPath</key>
    <string>/usr/local/var/log/certbot.renew.log</string>
 </dict>
</plist>
S sudo chown root:wheel /Library/LaunchDaemons/com.certbot.renew.plist
sudo launchctl load -w /Library/LaunchDaemons/com.certbot.renew.plist
sudo launchctl list | grep cert

HTTP2
S HTTPD edits to enable http2
  1. disable ===> #LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so
  2. enable ===> LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
  3. enable ===> LoadModule http2_module lib/httpd/modules/mod_http2.so
  4. add ===> Protocols h2 h2c http/1.1

BIND
S brew install bind
O sudo brew services start bind
O sudo brew services restart bind
O sudo brew services stop bind
S /usr/local/etc/named.conf
S /usr/local/var/named/
T host -t ns delaat.net

MacMini Setup (for SC/webcam/demo)

  • Users & Groups
    • SNE-Admin
      • sne-admin
    • SNE-demo
      • sne-demo
    • Login Options
      • auto login sne-demo
  • Power settings
    • never sleep computer
    • restart after power fail
    • prevent display sleep
    • awake with net access
    • start up 8h00 in the morning
  • Desktop & Screen Saver
    • no screen saver
  • Sharing
    • Screen Sharing
    • File Sharing
    • Remote login
  • Security
    • turn off screen lock
    • enable location services
    • no filevault
  • Date & Time
    • automatic time adjustment
  • Display Menu.app and WebCamMonitor App
  • Desk picture SNE logo
  • Team Viewer Setup
  • EvoCam Setup
    • Evocam5 download
      • serial ES56-MUDX-9LD6-BRAG
      • Note:
        • EvoCam 4 crashes now and then but does recording fine!
        • EvoCam 5 is more stable but gives unusable recordings!
        • note that sometimes the high res recording looks like taken at low res!
          Make sure to open first the small and then the big window.
    • Settings
      • Preferences
        • web server port nr 10456
        • Log Web Server access
        • auto-open docs from previous session at startup
        • make sure the low res is in the back.
        • Finder Cam1.settings on desktop put in dock and set Open at login
        Cam1.evocamsettings
        • 320 * 180
        • 384 * 216
        • 480 * 270
        • font size 12
        • framerate 15
        • quality normal normal
        • fontsize 9
      • Cam2.evocamsettings
        • 1280 * 720
        • framerate 15
        • quality normal normal
      • Other resolutions 16*9
      • 256    144    YouTube 144p
      • 426    240   
      • 640    360    nHD
      • 768    432   
      • 800    450   
      • 848    480   
      • 896    504   
      • 960    540    qHD
      • 1024    576   
      • 1152    648   
      • 1280    720    HD
      • 1366    768    WXGA
      • 1600    900    HD+
      • 1920    1080    Full HD
      • 2000    1125   
      • 2048    1152   
      • 2304    1296   
      • 2560    1440    QHD
      • 2880    1620   
      • 3200    1800    QHD+
      • 3520    1980   
      • 3840    2160    4K UHD
      • 4096    2304    Full 4K UHD
      • 4480    2520   
      • 5120    2880    5K UHD
      • 5760    3240   
      • 6400    3600   
      • 7040    3960   
      • 7680    4320    8K UHD
      • 15360    8640    16K
      • NOTE: the low resolution serve must start first, then the high resolution, otherwise video is low quality.


How this page is made (author Cees de Laat):