-
All replies
-
Helpful answers
-
Feb 21, 2016 10:44 AM in response to jayser247by MrHoffman,If you want to shut off Apache, that can be feasible, but various parts of OS X Server will want to start and run the web server, and Apache on OS X is wired to want to use TCP ports 80 and 443 for HTTP and HTTPS traffic for itself and other services. (Various other services present on OS X Server are dependent on Apache.)
If you're posting documents directly to the web directories, those documents must be at least read accessible to the _www user. You can add that access via file and directory access control lists, as the file owner or group through a manual chown or GUI Get Info, or as some secondary processing within whatever script or tool releases and relocated the documents into the web server directories.
Alternatively, push the documents to a WebDAV share, and access the files that way. (That'll take some configuration to enable via Apache.)
Or migrate to a content management or document management system, and let that deal with the protections and storage.
If you want to tailor the environment or replace the web server, you're likely better served by moving from OS X to Linux or BSD, as those operating systems are intended to allow great flexibility. You're seemingly fighting with how OS X works, and that usually ends in frustration.
-
Mar 8, 2016 12:03 PM in response to MrHoffmanby jayser247,Thanks!
I was able to stop the listening for ports 80 and 443. The issue I have now is the permissions when someone updates a file.
When everything is working.. The right for the group admin is Read Only and for Others too.
After someone changes something they are changed to none. And then no one can pull up the docs from the website. I have to go to the "Intranet" folder and choose "Propagate Permissions" to fix it every time.
-
Mar 9, 2016 5:13 AM in response to jayser247by MrHoffman,If you are going to work with propagate permissions — managing this stuff from the command line via chown and chmod scripts is the local preference, as I can tailor the settings — either make the files owned by _www or add an access control list entry that allows _www access. Tailor the settings? I don't usually leave (most of) the files and directories writable by the web server, as the web server shouldn't ever be making modifications to, for instance, any scripts that are in use.
-
Mar 10, 2016 6:20 AM in response to jayser247by Leopardus,If Apple's web interface is not needed you can reclaim those by editing:
/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf
Comment the following lines by simply putting a # in front of each line:
listen 80
listen 443
When Apple's web interface is needed, ie it is even claimed when you run OD Master, the alternative option is to mulithome the Ethernet Connection. The primary interface will then be attached to Apple and you can run the other stuff on the secondary IP address. I have one setup using four such secondary addresses, albeit they are not high volume services. To do this the VirtualHost directives in the apache_serviceproxy.conf file needs to be edited. Apple originally configures the service to listen on all interfaces:
<VirtualHost *:80>
<VirtualHost *:443>
You only have to change the * to the primary IP address. This will restrict Apple's service to listen only on that IP address.
Leo
Thanks Reid Bondonis - Author : El Capitan Server - Several books (All worth every cent)
Yosemite Server - Several books
Mavericks Server - Several books
-
Mar 10, 2016 11:53 AM in response to MrHoffmanby jayser247,Thank you!
I'm not really savvy on using the command line. We store some docs and pdfs on the sites so people can view them or download them. Some are basic templates that people may need and we usually have a couple people access them via a drive mapping to make updates when things change.