<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Setup Web and DNS</title> <meta content="C. de Laat" name="author"> </head> <body style=" color: azure; background-color: black;" vlink="#ffff66" alink="#ff9900" link="#ffcc66"> <table width="100%" border="0" align="left"> <tbody> <tr> <td valign="top"> <a href="http://www.delaat.net/"><img src="../home.png" border="2" height="40"></a> </td> <td valign="top"> <h1 style="text-align: center;"> <span style="color: rgb(255, 255, 102);">Web Server (apache) and DNS (bind) setup on a MacMini using Homebrew<br> </span></h1> </td> <td valign="top" align="right"><a href="http://sne.science.uva.nl/"><img style="width: 79px; height: 40px;" alt="" src="../logo-sne.png" width="78" border="2" height="40"></a><a href="http://www.uva.nl/"><img src="../logo-uva.png" width="40" border="2" height="40"></a> </td> </tr> <tr> <td colspan="3" rowspan="1"> <h2>DNS and HTTPD server setup</h2> Possible setups: <ul> <li>via homebrew <ol> <li><a href="https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions">https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions</a></li> <li><a href="https://getgrav.org/blog/macos-mojave-apache-mysql-vhost-apc">https://getgrav.org/blog/macos-mojave-apache-mysql-vhost-apc</a></li> <li><a href="https://getgrav.org/blog/macos-mojave-apache-ssl">https://getgrav.org/blog/macos-mojave-apache-ssl</a></li> <li><a href="https://certbot.eff.org/lets-encrypt/osx-apache">https://certbot.eff.org/lets-encrypt/osx-apache</a></li> </ol> </li> <li>Using only installed version <ul> <li><a href="https://coolestguidesontheplanet.com/install-apache-mysql-php-on-macos-mojave-10-14/">https://coolestguidesontheplanet.com/install-apache-mysql-php-on-macos-mojave-10-14/</a></li> </ul> </li> <li>via server (deprecated) <ul> <li><a 
href="https://www.macstrategy.com/article.php?210">https://www.macstrategy.com/article.php?210</a></li> </ul> </li> </ul> This table lists the commands for setting up apache via brew, as in <a href="https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions">https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions</a>.<br> Apple Server needs to be completely uninstalled and out of the way first!<br> <table border="1"> <tbody style="vertical-align: top;"> <tr style="background-color: rgb(148, 23, 81);"> <td><br> </td> <td>cmd</td> <td>comment </td> </tr> <tr style="background-color: rgb(0, 0, 104);"> <td><br> </td> <td><b>Xcode</b><br> </td> <td><br> </td> </tr> <tr> <td>S<br> </td> <td>install Xcode<br> </td> <td><br> </td> </tr> <tr> <td>S</td> <td>xcode-select --install</td> <td><br> </td> </tr> <tr style="background-color: rgb(0, 0, 104);"> <td><br> </td> <td>BREW</td> <td><br> </td> </tr> <tr> <td>S</td> <td>ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"</td> <td><br> </td> </tr> <tr> <td>T</td> <td>brew --version</td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew update</td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew upgrade</td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew doctor</td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo chown -R "$USER":admin /usr/local<br> sudo chown -R "$USER":admin /Library/Caches/Homebrew</td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew install openldap libiconv</td> <td><br> </td> </tr> <tr style="background-color: rgb(0, 0, 104);"> <td><br> </td> <td>APACHE</td> <td><br> </td> </tr> <tr> <td>S</td> <td>sudo apachectl stop</td> <td><br> </td> </tr> <tr> <td>S</td> <td>sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist 2&gt;/dev/null</td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew install httpd<br> </td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo brew services start httpd<br> </td> <td><br> </td> </tr> <tr> <td>T</td> 
<td>ps -aef | grep httpd<br> </td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo brew services restart httpd<br> </td> <td><br> </td> </tr> <tr> <td>T</td> <td>tail -f /usr/local/var/log/httpd/error_log<br> </td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo apachectl stop</td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo apachectl -k restart</td> <td><br> </td> </tr> <tr> <td>T </td> <td>apachectl -S</td> <td>to get setup paths</td> </tr> <tr> <td>T </td> <td>apachectl configtest</td> <td>test</td> </tr> <tr> <td>S<br> </td> <td>bbedit /usr/local/etc/httpd/httpd.conf<br> </td> <td><br> </td> </tr> <tr> <td>S<br> </td> <td>HTTPD edits including vhosts: <ol> <li>Listen 8080 =&gt; Listen 80</li> <li>enable ==&gt; LoadModule deflate_module lib/httpd/modules/mod_deflate.so</li> <li>enable ==&gt; LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so</li> <li>enable ==&gt; LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so</li> <li>ServerAdmin admin@domain.net</li> <li>#ServerName www.example.com:8080 ==&gt; ServerName localhost:80</li> <li>enable ==&gt; Include /usr/local/etc/httpd/extra/httpd-autoindex.conf</li> <li>enable ==&gt; Include /usr/local/etc/httpd/extra/httpd-vhosts.conf</li> </ol> </td> <td><br> </td> </tr> <tr> <td><br> </td> <td>vhosts<br> <ol> </ol> <p>edit: /usr/local/etc/httpd/extra/httpd-vhosts.conf</p> <b>Include catch directory and for vhosts:</b> <br> &lt;VirtualHost *:80&gt;<br> &nbsp;&nbsp;&nbsp; DocumentRoot "/usr/local/var/www"<br> &nbsp;&nbsp;&nbsp; ServerName catch.delaat.net<br> &lt;/VirtualHost&gt;<br> &lt;Directory "/usr/local/var/www"&gt;<br> &nbsp;&nbsp;&nbsp; Options Indexes FollowSymLinks<br> &nbsp;&nbsp;&nbsp; AllowOverride All<br> &nbsp;&nbsp;&nbsp; Require all granted<br> &lt;/Directory&gt;<br> <br> &lt;VirtualHost *:80&gt;<br> &nbsp;&nbsp;&nbsp; DocumentRoot "/Users/delaat/Sites"<br> &nbsp;&nbsp;&nbsp; ServerName delaat.net<br> &nbsp;&nbsp;&nbsp; ServerAlias alias.delaat.net<br> &lt;/VirtualHost&gt;<br> 
&lt;Directory "/Users/delaat/Sites"&gt;<br> &nbsp;&nbsp;&nbsp; Options Indexes FollowSymLinks<br> &nbsp;&nbsp;&nbsp; AllowOverride All<br> &nbsp;&nbsp;&nbsp; Require all granted<br> &lt;/Directory&gt;<br> <br> DocumentRoot "/usr/local/var/www" ==&gt; DocumentRoot "/Users/delaat/Sites"<br> Directory "/usr/local/var/www" ==&gt; Directory "/Users/delaat/Sites"</td> <td><br> </td> </tr> <tr style="background-color: rgb(0, 0, 104);"> <td><br> </td> <td><b>php</b></td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew install php</td> <td>DOES NOT WORK BECAUSE OF mod_mpm_event.so</td> </tr> <tr> <td><br> </td> <td>To enable PHP in Apache add the following to httpd.conf and restart Apache:<br> &nbsp;&nbsp;&nbsp; LoadModule php7_module /usr/local/opt/php/lib/httpd/modules/libphp7.so<br> <br> &nbsp;&nbsp;&nbsp; &lt;FilesMatch \.php$&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SetHandler application/x-httpd-php<br> &nbsp;&nbsp;&nbsp; &lt;/FilesMatch&gt;<br> <br> Finally, check DirectoryIndex includes index.php<br> &nbsp;&nbsp;&nbsp; DirectoryIndex index.php index.html<br> <br> The php.ini and php-fpm.ini file can be found in:<br> &nbsp;&nbsp;&nbsp; /usr/local/etc/php/7.3/<br> <br> To have launchd start php now and restart at login:<br> &nbsp; brew services start php<br> Or, if you don't want/need a background service you can just run:<br> &nbsp; php-fpm</td> <td><br> </td> </tr> <tr style="background-color: rgb(0, 0, 104);"> <td><br> </td> <td><b>certbot</b></td> <td><br> </td> </tr> <tr> <td><br> </td> <td>sudo install -d -o $(whoami) -g admin /usr/local/Frameworks</td> <td><br> </td> </tr> <tr> <td><br> </td> <td>brew install certbot</td> <td><br> </td> </tr> <tr> <td><br> </td> <td>HTTPD edits: Uncomment:<br> <ul> <li>LoadModule ssl_module modules/mod_ssl.so</li> <li>LoadModule socache_shmcb_module modules/mod_socache_shmcb.so</li> </ul> <p>add at the end:</p> <p>&lt;IfModule mod_ssl.c&gt;<br> &nbsp;&nbsp; Listen 443<br> &lt;/IfModule&gt;<br> Include 
/usr/local/etc/httpd/extra/httpd-vhosts-le-ssl.conf</p> <p>create if needed httpd-vhosts-le-ssl.conf</p> <p>&lt;VirtualHost *:443&gt;<br> &nbsp;&nbsp;&nbsp; DocumentRoot "/Users/XXXX/Sites"<br> &nbsp;&nbsp;&nbsp; ServerName delaat.net<br> &nbsp;&nbsp;&nbsp; ServerAlias ipv4.delaat.net ipv6.delaat.net<br> &nbsp;&nbsp;&nbsp; ServerAlias www.delaat.net <br> Include /etc/letsencrypt/options-ssl-apache.conf<br> SSLCertificateFile /etc/letsencrypt/live/XXXXXXX/fullchain.pem<br> SSLCertificateKeyFile /etc/letsencrypt/live/XXXXXXX/privkey.pem<br> &lt;/VirtualHost&gt;</p> <p>and in httpd-vhosts.conf e.g.:</p> <p>&lt;VirtualHost *:80&gt;<br> &nbsp;&nbsp;&nbsp; DocumentRoot "/Users/delaat/Sites"<br> &nbsp;&nbsp;&nbsp; ServerName delaat.net<br> &nbsp;&nbsp;&nbsp; ServerAlias ipv4.delaat.net ipv6.delaat.net<br> &nbsp;&nbsp;&nbsp; ServerAlias www.delaat.net <br> RewriteEngine on<br> RewriteCond %{SERVER_NAME} =ipv4.delaat.net [OR]<br> RewriteCond %{SERVER_NAME} =delaat.net [OR]<br> RewriteCond %{SERVER_NAME} =www.delaat.net [OR]<br> RewriteCond %{SERVER_NAME} =ipv6.delaat.net<br> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]<br> &lt;/VirtualHost&gt;</p> <ul> </ul> </td> <td><br> </td> </tr> <tr> <td>S<br> </td> <td>sudo certbot --apache<br> or<br> sudo certbot --apache --staging<br> and after successful testing:<br> sudo certbot --apache --force-renewal</td> <td><br> </td> </tr> <tr> <td>O<br> </td> <td>sudo certbot renew --dry-run</td> <td><br> </td> </tr> <tr> <td>O<br> </td> <td>sudo certbot renew</td> <td>for production</td> </tr> <tr> <td>O</td> <td>sudo certbot certificates</td> <td><br> </td> </tr> <tr> <td>S<br> </td> <td>0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' &amp;&amp; certbot renew<br> <br> OR:<br> <br> &nbsp;/Library/LaunchDaemons/com.certbot.renew.plist<br> <br> &lt;?xml version="1.0" encoding="UTF-8"?&gt;<br> &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt;<br> &lt;plist version="1.0"&gt;<br> &lt;dict&gt;<br> &nbsp;&nbsp;&nbsp; &lt;key&gt;Label&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp; &lt;string&gt;com.certbot.renew&lt;/string&gt;<br> &nbsp;&nbsp;&nbsp; &lt;key&gt;ProgramArguments&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp; &lt;array&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;string&gt;certbot&lt;/string&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;string&gt;renew&lt;/string&gt;<br> &nbsp;&nbsp;&nbsp; &lt;/array&gt;<br> &nbsp;&nbsp;&nbsp; &lt;key&gt;StartCalendarInterval&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp; &lt;dict&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;key&gt;Hour&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;integer&gt;14&lt;/integer&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;key&gt;Minute&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;integer&gt;56&lt;/integer&gt;<br> &nbsp;&nbsp;&nbsp; &lt;/dict&gt;<br> &nbsp;&nbsp;&nbsp; &lt;key&gt;StandardOutPath&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp; &lt;string&gt;/usr/local/var/log/certbot.renew.log&lt;/string&gt;<br> &nbsp;&nbsp;&nbsp; &lt;key&gt;StandardErrorPath&lt;/key&gt;<br> &nbsp;&nbsp;&nbsp; &lt;string&gt;/usr/local/var/log/certbot.renew.log&lt;/string&gt;<br> &lt;/dict&gt;<br> &lt;/plist&gt;<br> <br> sudo chown root:wheel /Library/LaunchDaemons/com.certbot.renew.plist<br> sudo launchctl load -w /Library/LaunchDaemons/com.certbot.renew.plist<br> sudo launchctl list | grep cert<br> </td> <td><br> </td> </tr> <tr> <td>S</td> <td>HTTPD edits to enable http2<br> <ol> <li>disable ===&gt; #LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so</li> <li>enable ===&gt; LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so</li> <li>enable ===&gt; LoadModule http2_module lib/httpd/modules/mod_http2.so</li> <li>add ===&gt; Protocols h2 h2c http/1.1</li> </ol> </td> <td><br> </td> </tr> <tr style="background-color: rgb(0, 0, 104);"> <td><br> </td> 
<td><b>BIND</b><br> </td> <td><br> </td> </tr> <tr> <td>S</td> <td>brew install bind</td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo brew services start bind</td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo brew services restart bind</td> <td><br> </td> </tr> <tr> <td>O</td> <td>sudo brew services stop bind</td> <td><br> </td> </tr> <tr> <td>S<br> </td> <td>/usr/local/etc/named.conf</td> <td><br> </td> </tr> <tr> <td>S</td> <td>/usr/local/var/named/ </td> <td><br> </td> </tr> <tr> <td>T<br> </td> <td>host -t ns delaat.net </td> <td><br> </td> </tr> </tbody> </table> <span style="color: rgb(51,255, 51);">How this page is made (author Cees de Laat):<br> bluegriffon<br> </span> </td> </tr> </tbody> </table> <br> </body> </html>