D.F.

Q: How to make Server 5 not listen to ports 80 and 443

I want to set up an Apache server in a Linux virtual machine (using latest VirtualBox) on my Mac running El Capitan 10.11.3.

Server 5.0.15 is already running on this Mac (and I want to keep it, except for web services). I disabled web sharing in the Server GUI but it was not enough; Apache still listened to ports 80 and 443, preventing VirtualBox from listening on them and forwarding them to the Linux virtual machine.

 

So I commented out these lines in /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf:

#listen 80
#listen 443
#listen 8008
#listen 8800
#listen 8443
#listen 8843

 

After a reboot Apache seems to not listen to ports 80 and 443 anymore. However VirtualBox does not become the listener. I tried this command in the Mac terminal:

sudo lsof -i :80

and nothing was returned, suggesting that something in OS X still prevents VirtualBox from listening on ports 80 and 443. If I try to forward some random port from the Mac host to port 80 in the virtual machine, then I can access my virtualized webserver from Safari on the Mac host, through said custom port. But I'd like to use the standard port 80.

 

Any help truly appreciated.

Mac mini, OS X El Capitan (10.11.3), Server 5.0.15

Posted on Mar 20, 2016 8:59 AM


  • by Leopardus (Helpful)

    Leopardus, Level 4 (1,122 points), Desktops
    Mar 20, 2016 12:15 PM in response to D.F.

    Instead of commenting it out, assign a specific IP for Server to listen to instead of * (meaning all IPs). That is only for Server on port 80 and 443 in that config file. I sometimes give the ethernet an extra IP address. Your Linux Machine can connect to the second IP or the first, original IP assigned to your server depending on your configuration.

    Server is very aggressive in its use of the ports, thus it leaves all the services to function, while you have the use of the ports on other IPs.

     

    Leo

  • by D.F.

    D.F., Level 1 (21 points)
    Mar 20, 2016 9:45 AM in response to Leopardus

    Thanks for your help. I'm not an expert: do you mean that I must have at least two different IPs? I'm running Server on a home Mac, meaning I have only one (external) IP address provided by my ISP. I'd like the virtualized Linux webserver to be reachable from the outside.

  • by Leopardus (Helpful)

    Leopardus, Level 4 (1,122 points), Desktops
    Mar 20, 2016 12:15 PM in response to D.F.

    In System Preferences, you can give the ethernet connection more than one IP address; it is not a must. Simply sort your DNS and your router out to point to this IP too. The ethernet card will listen on any IP address that it gets allocated. But Server, for a lot of its own services, actively listens and uses all IP addresses available. If you restrict it to one, however, this then leaves you room to use the others.

     

    I am just relaying to you one way that I have used to solve a similar, not identical problem.

    Maybe MrHoffmann, Strontium90, John Lockwood and Petrobytes have some other ideas. They always have very sound ideas.

     

    I can only recommend getting the series of books about Server that Reid Bundonis wrote. You can also have a look at http://krypted.com/guides/el-capitan-server/

     

    Leo

  • by D.F.

    D.F., Level 1 (21 points)
    Mar 20, 2016 12:16 PM in response to Leopardus

    Thank you. I'll try your suggestion, but first I'll try to find if there is a simpler way to “free” ports 80 and 443 from the almighty Server. I can't understand why Apple is so restrictive on this question.

  • by Leopardus

    Leopardus, Level 4 (1,122 points), Desktops
    Mar 20, 2016 12:47 PM in response to D.F.

    Pleasure D.F.

     

    In OS X El Capitan with Server 5.0.15 (build 15S4033), DNS must be configured correctly, taking into account that with Open Directory and Profile Manager running, Apple has really clamped down on the port settings for Server. It takes ownership of a list of ports on all available interfaces. If you do need the Profile Manager, wiki etc. running, the lower numbered IP4 interface should be left for the default server. The higher numbered should be your virtual hosts (websites). You can create these 'new' interfaces in Network settings. If you are not sure how to, ask for instructions.

     

    It is necessary to edit the virtual host ports which are in:

     

    /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf

     

    and change the lines by substituting the * with the lower IP4 address as applicable, leaving the other 'virtual ethernet interfaces' available for the rest. Repeat for those ports as in this file, i.e.:

    <VirtualHost *:80>
    <VirtualHost *:443>

     

    but take care not to change the structure.

    Create the virtual domains (websites) in the Websites window of Server. Ensure that besides the Zone, A records, C records, DNS (referring to the primary DNS) are all in place. Restart the Mac and test. If the failure of too many redirects occurs on your Profile Manager, change the SSL port (443) back.

    Maybe Strontium can explain why the redirect problem is still there, as I have searched but have not yet found the reason.

    Mine works without a problem, and this has been through several iterations of upgrades.

     

    Have fun

     

    Leo

     

    PS. It was Reid Bundonis whose scribblings led me to this.
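
An added example, not part of the original thread or of Apple's tooling: a shell function that lists which active Listen and <VirtualHost> directives in an Apache config still bind every interface, so the edit described in the post above can be checked before restarting. The function names and the sample config are constructed for illustration, and 192.168.1.10 is a placeholder address.

```shell
#!/bin/sh
# Added example. Prints "LINE<TAB>DIRECTIVE<TAB>ADDRESS" for every active
# Listen / <VirtualHost> directive that still binds all interfaces.
# Reads the named config file(s), or stdin when none is given.
list_wildcard_binds() {
    awk '
    function is_wild(addr,    host) {
        host = addr
        if (host ~ /^[0-9]+$/) return 1       # bare port: all interfaces
        sub(/:[0-9*]+$/, "", host)            # drop the trailing :port
        return (host == "*" || host == "_default_" ||
                host == "0.0.0.0" || host == "[::]")
    }
    /^[ \t]*#/ { next }                       # commented-out directive
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        low = tolower(line)                   # directives are case-insensitive
        if (low ~ /^listen[ \t]+/) {
            split(line, f, /[ \t]+/)
            if (is_wild(f[2])) printf "%d\tListen\t%s\n", NR, f[2]
        } else if (low ~ /^<virtualhost[ \t]+/) {
            gsub(/^<[A-Za-z]+[ \t]+|>.*$/, "", line)
            n = split(line, f, /[ \t]+/)      # a vhost may list several addresses
            for (i = 1; i <= n; i++)
                if (f[i] != "" && is_wild(f[i]))
                    printf "%d\tVirtualHost\t%s\n", NR, f[i]
        }
    }' "$@"
}

# Constructed sample, not the real apache_serviceproxy.conf.
sample_conf() {
cat <<'EOF'
#listen 8008
listen 80
Listen 192.168.1.10:443
<VirtualHost *:80>
</VirtualHost>
<VirtualHost 192.168.1.10:443>
</VirtualHost>
EOF
}

sample_conf | list_wildcard_binds
```

Pointed at /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf, empty output means no active directive in that file binds all addresses; `sudo lsof -nP -iTCP:80 -sTCP:LISTEN` then shows what, if anything, is actually listening.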

  • by John Lockwood

    John Lockwood, Level 6 (9,309 points), Servers Enterprise
    Mar 21, 2016 5:06 AM in response to D.F.

    I run several Linux VMs on a Mac server, each running different web sites. I have given each Linux VM its own static IP address and configured VirtualBox to run the network interface for each Linux VM in bridge mode. I then point a DNS record to each of the static IP addresses. I have therefore no conflicts with the Mac host's own web server.

    Of course this may not be suitable for everyone as it may require having multiple public IP addresses. However, even here running a reverse proxy server may be a solution, as the reverse proxy server can forward the traffic to the individual destinations based on the host/DNS name of the request. In my case the web sites these Linux VMs are running are not intended for Internet access, only for internal access or via a VPN connection, so I don't need to worry about public IP addresses.