jayser247

Q: apache2 port 80 and 443 (turn off)

Hello,

I'm running 10.11.2 server and I'm using the web server to host our company intranet. I have our website using a different port number though.

I notice that I can't disable port 80 and 443 in the GUI and I can't find what config hosts the "Listen" option. Can someone let me know?

Lastly, I notice when I do an update on a document in our intranet folder, the permissions get all weird and we get deny errors. So I have to redo the permissions every time I do an update to a document or something. Any clues on that?

Please let me know. I had it running on 10.5 before and didn't have these types of issues.

Thanks,

Jason

Posted on Feb 21, 2016 10:07 AM


  • by MrHoffman,

    Feb 21, 2016 10:44 AM in response to jayser247

    If you want to shut off Apache, that can be feasible, but various parts of OS X Server will want to start and run the web server, and Apache on OS X is wired to want to use TCP ports 80 and 443 for HTTP and HTTPS traffic for itself and other services.   (Various other services present on OS X Server are dependent on Apache.)


    If you're posting documents directly to the web directories, those documents must be at least read accessible to the _www user. You can add that access via file and directory access control lists, as the file owner or group through a manual chown or GUI Get Info, or as some secondary processing within whatever script or tool releases and relocates the documents into the web server directories.


    Alternatively, push the documents to a WebDAV share, and access the files that way.  (That'll take some configuration to enable via Apache.)


    Or migrate to a content management or document management system, and let that deal with the protections and storage.

     

    If you want to tailor the environment or replace the web server, you're likely better served by moving from OS X to Linux or BSD, as those operating systems are intended to allow great flexibility.   You're seemingly fighting with how OS X works, and that usually ends in frustration.

  • by jayser247,

    Mar 8, 2016 12:03 PM in response to MrHoffman

    Thanks!

    I was able to stop the listening for ports 80 and 443. The issue I have now is the permissions when someone updates a file.

    When everything is working, the right for the group admin is Read Only and for Others too.

    After someone changes something they are changed to none. And then no one can pull up the docs from the website. I have to go to the "Intranet" folder and choose "Propagate Permissions" to fix it every time.

  • by MrHoffman,

    Mar 9, 2016 5:13 AM in response to jayser247

    If you are going to work with propagate permissions — managing this stuff from the command line via chown and chmod scripts is the local preference, as I can tailor the settings — either make the files owned by _www or add an access control list entry that allows _www access.   Tailor the settings?  I don't usually leave (most of) the files and directories writable by the web server, as the web server shouldn't ever be making modifications to, for instance, any scripts that are in use.
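
One way to script the permission repair discussed in this reply, as an added example that is not part of the original posts. It uses plain mode bits rather than an ACL entry, assumes the documents are not owned by _www (so the web server reads them through the "others" bits), and the path in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the documents are NOT owned by
# _www, so the web server reads them through the "others" permission bits.

# Report entries the web server cannot serve, or that group/others could modify.
audit_docroot() {
    # Files need o+r; directories need o+r and o+x to be listed and traversed.
    find "$1" -type f ! -perm -004 -print | sed 's/^/unreadable: /'
    find "$1" -type d \( ! -perm -004 -o ! -perm -001 \) -print |
        sed 's/^/unreadable: /'
    # Anything group- or world-writable (symlink modes are meaningless, skip).
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/writable: /'
}

# Restore read access without granting write to group or others.
repair_docroot() {
    # a+rX : read for all; search bit on directories (and already-executable
    #        files) only.  go-w : strip write from group and others.
    chmod -R a+rX,go-w "$1"
}

# Usage: sh fix-perms.sh /path/to/Intranet   (hypothetical path)
if [ "$#" -eq 1 ]; then
    audit_docroot "$1"
    repair_docroot "$1"
    [ -z "$(audit_docroot "$1")" ] && echo "ok: $1 is readable, not writable"
fi
```

Run it as the owner of the files or with sudo; the audit output before the repair shows which entries an update left unreadable.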

  • by Leopardus,

    Mar 10, 2016 6:20 AM in response to jayser247

    If Apple's web interface is not needed you can reclaim those by editing:

     

       /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf

     

    Comment the following lines by simply putting a # in front of each line:

     

       listen 80

       listen 443

     

    When Apple's web interface is needed, i.e. it is even claimed when you run OD Master, the alternative option is to multihome the Ethernet Connection. The primary interface will then be attached to Apple and you can run the other stuff on the secondary IP address. I have one setup using four such secondary addresses, albeit they are not high volume services. To do this the VirtualHost directives in the apache_serviceproxy.conf file need to be edited. Apple originally configures the service to listen on all interfaces:

     

         <VirtualHost *:80>

         <VirtualHost *:443>

    You only have to change the * to the primary IP address. This will restrict Apple's service to listen only on that IP address.

     

    Leo

     

    Thanks Reid Bondonis - Author: El Capitan Server - Several books (All worth every cent)
    Yosemite Server - Several books
    Mavericks Server - Several books
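
The two edits described in the post above, as an added shell example that is not part of the original post. In the second case it also narrows the `listen` lines to the same address, because Apache opens its sockets from `Listen` rather than from `<VirtualHost>`; that step, the sample file and the address 192.0.2.10 are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on a copy of the file first;
# the sample file and 192.0.2.10 are constructed stand-ins.

# Constructed sample in the shape the post describes (not Apple's real file).
sample_conf() {
    cat > "$1" <<'EOF'
listen 80
listen 443
<VirtualHost *:80>
</VirtualHost>
<VirtualHost *:443>
</VirtualHost>
EOF
}

# Option 1: comment out the two listen lines, keeping a .bak for rollback.
disable_ports() {
    cp -p "$1" "$1.bak" || return 1
    sed -E 's/^([[:space:]]*)([Ll]isten[[:space:]]+(80|443))[[:space:]]*$/\1#\2/' \
        "$1.bak" > "$1"
}

# Option 2: pin the service to one address (IPv4 literals only).
pin_to_ip() {
    ip=$2
    case $ip in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 2 ;; esac
    cp -p "$1" "$1.bak" || return 1
    sed -E \
        -e "s/^([[:space:]]*[Ll]isten[[:space:]]+)(80|443)[[:space:]]*\$/\1${ip}:\2/" \
        -e "s/^([[:space:]]*<VirtualHost[[:space:]]+)\*:(80|443)>/\1${ip}:\2>/" \
        "$1.bak" > "$1"
}

# Count active listen lines that still bind 80/443 on every address.
wildcard_listens() {
    grep -E -c '^[[:space:]]*[Ll]isten[[:space:]]+(80|443)[[:space:]]*$' "$1" || true
}
```

After editing the real file and restarting the service, `sudo lsof -nP -iTCP:80 -sTCP:LISTEN` shows which address Apache is actually bound to.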

  • by jayser247,

    Mar 10, 2016 11:53 AM in response to MrHoffman

    Thank you!

    I'm not really savvy on using the command line. We store some docs and pdfs on the sites so people can view them or download them. Some are basic templates that people may need and we usually have a couple people access them via a drive mapping to make updates when things change.