Previous 1 2 Next 18 Replies Latest reply: Jan 5, 2014 4:52 AM by Neville Hillyer
pamela.parks Level 1 Level 1 (0 points)

I occasionally do a bit of web design and off and on have hosted a few sites on my local network.  Today I took on a bit more ambitious project to locally host a weather station. 

Most of my day disappeared as I ran into a load of changes to the "WebServer" since the last time I fooled with it. I am running Mavericks and the last time I did much with the webserver was probably OS 10.4.

Just getting the default "It works!" page to come up was a chore and I really have no idea why it didn't work or how I got it to work.

Right now, I am discovering that I don't seem to be able to change the file permissions on folders and files in the

MyComputer>Libraries>WebServer>Documents directory which is where some of the advice I am reading suggests putting my sites.

 

The old standby of GetInfo and changing the permissions does not seem to work, nor does the advice to:

sudo chown -R :admin /Library/WebServer/Documents
sudo chmod -R g=rw,+X /Library/WebServer/Documents

 

All this has me wondering if the changes to OS X mean that the best route to doing what I want to do is to use OSX Server?  The reviews on that piece of software are terrible though most speak to problems with VPN which I don't need.

 

Whichever way I go, there needs to be a simple way to clear out the old configurations and get my old sites moved to the "Right" place.  Right now I am seeing dozens of index.html.en pages and the search is not even showing the files in the MyComputer>Libraries>WebServer>Documents

  • etresoft Level 7 Level 7 (26,150 points)

    I posted a User Tip on how to setup the web server. I prefer to serve files out of my home directory though. You can fudge the URL from the Apache config file.

     

    https://discussions.apple.com/docs/DOC-3083

  • MrHoffman Level 6 Level 6 (13,020 points)

    The US$20 spent on OS X Server would be well worth it, here.  You'll have a GUI and the rest, and an easy way to add and remove web sites.   Once you've got OS X Server purchased and you've got DNS configured, then launch Server.app and select the web site of interest (or create one) and have a look at the path in the display. 

     

    To relocate your existing sites, you can cp or cp -R or zip the files, and move them over to the /Library/Server/Web path, and probably into the web site and the directory you've just created underneath that path.

     

    The /Library/WebServer/Documents path was used for Apache in OS X Server circa 10.6.  OS X Server 10.9 has almost everything involving OS X Server underneath /Library/Server path; the web services configuration files and data are all under /Library/Server/web

     

    FWIW, the web user is www (or sometimes _www, depending on the context), and not admin.  The www (or _www) user has to be able to read the files, which means if you're copying around files and particularly if you're doing the usual "load random stuff into the web directories" sequence, you'll need to reset the ownships and/or the protection masks after the copy.

     

    I've found OS X Server 10.9 Mavericks good (and in many ways, better than OS X Server 10.6), and the echo chamber chatter around the VPN services is not relevent locally, as I prefer using a gateway firewall NAT box with an integrated VPN server.  Profiles are coming along nicely but aren't quite there yet as a complete replacement for MCX, but Workgroup Manager can still be downloaded for 10.9, so I can usually get where I want.  (And US$20 is a whole lot nicer than the US$1000 OS X Server used to cost...)

  • pamela.parks Level 1 Level 1 (0 points)

    dtresoft,

    That is a great looking guide.... clearly written and easy to follow.  I got down to the point of testing localhost... works great, though it will not take the name of my "Server"... it is fine with localhost and 127.0.0.1.

    The next step of inputting 127.0.0.1/~myshortname gives me the 403 Forbidden

    You don't have permission to access /~myshortname/ on this server.  Which is about where I got to using other info I found in various posts.

    I think I am snarled up with prior configuration efforts and the way that Apple has moved the Sites folders around.

    I think I am going to give MrHoffman's advice to buy the Server product a go... if it solves my problem by helping me get my Sites in the right places and the configurations all set, the $20 will be well spent compared to banging my head for another day.

  • Neville Hillyer Level 4 Level 4 (1,855 points)

    I used both OS X and OS X Server several years ago when Server was very expensive and complicated. In my opinion it was only worth paying for if you had a large base of file sharing users. It was not much help for web serving. Playing with Apache config files on standard OS X was faster and more predictable.

     

    My normal method is to ignore OS X security and put the web site in a folder at root and do all setup file movements logged in as root - this will bring a few comments!

     

    To do this you need to get to know Apache config files but they are reasonably well documented with comments. You may also need to play with ACLs.

  • MrHoffman Level 6 Level 6 (13,020 points)

    I generally wouldn't serve my login folder to the 'net; a subfolder of that maybe, if personal sharing is enabled. 

     

    As for the protections, the web server (www or _www) will need at least read access to the files in whatever folder you do specify.

     

    IIRC, Mountain Lion Server removed the UserDir module pieces, so you'll have to add that back in manually if you want to keep files stored locally and not on the "standard" system-wide directories.   Here's a good discussion of this and of UserDir and such.  (I have not tested this, as I don't run per-user sites on the server.)

  • etresoft Level 7 Level 7 (26,150 points)

    pamela.parks wrote:

     

    You don't have permission to access /~myshortname/ on this server. 

    What are the permissions on your home directory and the Sites folder? They should be read and execute for group and other.


    I think I am snarled up with prior configuration efforts and the way that Apple has moved the Sites folders around.

    I think I am going to give MrHoffman's advice to buy the Server product a go... if it solves my problem by helping me get my Sites in the right places and the configurations all set, the $20 will be well spent compared to banging my head for another day.

    At least it is only $20. I have tried Server and it was my inspiration to write a User Tip that would be easier to setup than Server - hint, hint.

     

    Keep in mind that Server is a Server. It is designed to do a whole lot of things, most of which you don't need. It does include the web server but it is quite a bit different from a standard Apache configuration. It will change the performance characteristics of your machine. It will optimize your machine for background tasks instead of user tasks. You might notice a decrease in performance.

     

    I still recommend setting up Apache manually, using that User Tip, for a local network such as you describe. Server does some specific tasks that would be very useful to people who need them. If all you need is to run a web server, it is only going to make things more difficult.

     

    I agree with MrHoffman about serving anything over the net from a local machine. You should never do that from any system. Get a cheap, shared hosting service like Dreamhost.

  • Neville Hillyer Level 4 Level 4 (1,855 points)

    etresoft wrote:

     

    What are the permissions on your home directory and the Sites folder? They should be read and execute for group and other.

     

    Don't forget ACLs.

     

    If using a non-standard setup the config file may need changing and the path may need satisfactory permissions/ACLs.

  • pamela.parks Level 1 Level 1 (0 points)

    etresoft's question about permissions on the home directory and the Sites folder solved the problem.

     

    I find the need to repair permissions fairly regularly. Once changed to 0755 the localhost and localhost/~username pages rendered.  I quickly repaired the permissions and reran the test to confirm that the new permissions had stuck.

     

    The comments here and some youtube videos on Mavericks Server brought up plenty of issues with going that route. Simple is better for my setup and the User Tip was the simple way.

  • MrHoffman Level 6 Level 6 (13,020 points)

    pamela.parks wrote:

     

    etresoft's question about permissions on the home directory and the Sites folder solved the problem.

     

    This is what I referenced the access available for the www (or _www) user.  Please take a little time to learn about file ownership and file permissions, as the payoff will be large.  As part of this, you'll also learn how to make a web server breach more difficult to extend.  Here's an older write-up on the general topic of web server protections.

  • etresoft Level 7 Level 7 (26,150 points)

    I would like to reiterate a point I made earlier about not hosting any public site on your own server. When you have a server publicly accessible, hackers can bang on it 24x7 until they find a vulnerability or until some vulnerability is found elsewhere and you didn't patch it immediately. If you are a typically busy person with other stuff you would rather do, you can't win against the hackers.

     

    If you want to run a public site, let professionals manage the details. Then you can get back to the stuff you would rather do. I am a big fan of Dreamhost. You don't have to worry about the details of www or _www users and permissions. You can configure each site to use a unique root and user. Of course, it is still possible to screw something up and get hacked on Dreamhost, but you and the hackers have to go though much more effort to make that happen.

  • Neville Hillyer Level 4 Level 4 (1,855 points)

    My public web server runs on a dedicated Mac with OS 9 but my view is that if you have a solid firewall such as that provided by a Netgear modem/router and only allow HTTP initiated external access through the router you should be reasonably safe even without Apple's OTT security.

     

    If others have experience of hacking overcoming a correctly set up router firewall I would like to see the details.

  • etresoft Level 7 Level 7 (26,150 points)

    What kind of router is that? One with or without a backdoor?

  • Neville Hillyer Level 4 Level 4 (1,855 points)

    Thanks - very interesting link.

     

    This backdoor clearly affects a large number of routers including my DG834PN but I may be OK as I use DGTeam firmware - I have yet to confirm that DGTeam firmware is safe.

     

    Any information on vulnerability of DGTeam firmware or a general fix for this backdoor would be appreciated.

  • etresoft Level 7 Level 7 (26,150 points)

    I'm afraid the DGTeam firmware looks like it is abandonned. It wouldn't have the backdoor but it could have any number of other vulnerabilities. You are probably reasonably safe due to obscurity. I suggest replacing it.

Previous 1 2 Next