Click here to return to the 'How to create a secure (HTTPS) OS X webserver' hint
See, when my friends said to me, 'Why would you buy a Mac? You're already seriously guru-istic in both Windows AND Linux! Why bother?', I'd answer: 'Cause real geeks never stop learnin'!'
This is an excellently written article, and looks so much more complete and thorough than the Apache-SSL Howtos I've seen for Linux. They're so poorly written that I gave up trying to get SSL working on Apache fairly quickly. It wasn't something I REALLY needed, just something to play with. With your article, I saw three points where I made mistakes immediately.
Nicely done and thanks!
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
Thanks.
The biggest problem I had found with the Linux-based tutorials was that none of them were written with the OS X file hierarchy in mind. Sure, you can delve into the dark hidden corners of the /folder structure, but I wanted to put things in context with /Users/username as much as possible so that a year from now, you can go back and easily figure out what was done.
Out of curiosity, what points did you get wrong?
Cheers.
Um, offhand, the biggest problems were the creation of a cert authority and/or self-signing the cert. Also, the removal of the password from the cert. The howtos made this look a ton more complex than you did. I didn't feel like bothering with that much work for a minor pet project.
I'm going to use this tonight to see if I can get it working on my Linux box. I still use Apache, but primarily as a reverse-proxy to my internal network. I'm using SSL_Proxy to encrypt packets, but would prefer to just use Apache and be done with it. SSL_Proxy was setup in 5 minutes (including download and compile time), this makes it look like Apache should be as quick!
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
I tried to follow this hint and once I was done and I restarted apache via sudo apachectl graceful I got the following error:
configuration broken, ignoring restart
/usr/sbin/apachectl graceful: (run 'apachectl configtest' for details)
Running configtest gives the following:
Processing config directory: /private/etc/httpd/users/*.conf
Processing config file: /private/etc/httpd/users/laubennd.conf
Processing config file: /private/etc/httpd/users/neil.conf
Processing config file: /private/etc/httpd/users/neill2.conf
Processing config file: /private/etc/httpd/users/ssl.conf
Syntax error on line 15 of /private/etc/httpd/users/ssl.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers (`XXX:...:XXX' - see manual)
which tells me that the SSLCipherSuite is incorrect . . . I've double checked that I copied/pasted it exactly as in the hint.
Any ideas why it isn't working right?
http://developer.apple.com/internet/serverside/modssl.html
which was also pretty clear and easy to follow (although providing this alternative reminds me of the old adage, about someone who has 2 clocks never knowing the exact time... :-)
cheers
m
Don't most browsers choke on self-signed certificates?
I can only speak for Safari on OS X and Internet Explorer on XP: they don't exactly 'choke' as much as 'hiccough'. On a per-session basis, I get prompted with a warning message about the certs, but once I accept this, I can load pages just fine.
Since I am pretty much the only surfer of my pages (I have mine secured with mod-auth, too), I don't mind the minor inconvenience. If others were surfing, I might go ahead and get a real domain name and use one of the cert authorities.
On a side note- I would prefer to use mod-digest instead, but IE really chokes on some of my PHP pages then. Since I am using SSL, am I correct that that covers my mod-auth also? In other words, even though the password is sent in the clear, it's sent in the clear THROUGH SSL, so it's encrypted, right?
Yes, it is sent over the encrypted link, so it isn't clear-text. Digest authentication is flawed, anyway, so you really need SSL even when you use it.
No. Most offer you the option of importing the cert into your personal store. With IE, simply choose 'View Certificate' when the warning pops up, there's an 'Install Certificate' option within there. For Mozilla, it'll ask if you always want to accept that certificate. IIRC, Safari works similarly. The only time you should ever have a problem again is when the cert changes, which should only be when you change it....or someone else... ;-)
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
Indeed, very nicely done.
---
--
Everything Mac - http://everythingmac.org
Since I work out of a home office a lot, I often put files for clients to access from the network at home. This added bit of security gives those skittish clients a little extra peace of mind.
Nice job!
This hint is great. It's just begging for a nice user-friendly GUI tool to wrap up the functionality, though! anyone?
---
In /dev/null, no one can hear you scream
I was planning on writing one over break in cocoa.
Being able to create client certificates is very handy and should be part of any similar app for OSX.
-m
Having +eNULL is particularly discouraged since NULL ciphers are ciphers offering no encryption! The setting in the original hint doesn't seem to enable NULL ciphers on a server I tested it on but looks dangerous to me.
Great hint BTW.
-m
Thanks for the tweak on the CipherSuite; I was pulling from a .conf file on a Linux box that I have access to and didn't fine-comb through all the details.
Again, the initial goal of writing this hint was to help folks get their teeth around on how to get SSL up and running on their own OS X boxes; fine tuning for performance, security, or other customized tweaks is left for the braver souls to learn and share!
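Added example (not part of the original thread or hint): a small Python check for the two SSLCipherSuite issues raised in the comments above, the 'takes one argument' error and the +eNULL element. It applies the operator rules from openssl ciphers(1) to NULL-encryption elements only and assumes the one-argument form of the directive; the function names and the sample cipher strings are constructed for illustration.

```python
import shlex

# Elements that select suites with no encryption, per openssl ciphers(1).
# ALL and DEFAULT are deliberately absent: neither includes eNULL suites.
NULL_CLASSES = {"eNULL", "NULL", "COMPLEMENTOFALL"}

def selects_null(name):
    """True if a cipher-string element selects NULL-encryption suites."""
    if any(part in NULL_CLASSES for part in name.split("+")):  # 'A+B' means A AND B
        return True
    return "NULL" in name.split("-")  # explicit suite names, e.g. NULL-SHA

def audit_cipher_suite(directive_line):
    """Return (null_enabled, findings) for one 'SSLCipherSuite <list>' line."""
    fields = shlex.split(directive_line)
    if not fields or fields[0].lower() != "sslciphersuite":
        raise ValueError("not an SSLCipherSuite directive")
    findings = []
    if len(fields) != 2:
        # Assumption: the one-argument form from the error message above.
        findings.append("expected 1 argument, found %d; Apache reports "
                        "'takes one argument'" % (len(fields) - 1))
    enabled = killed = False
    for element in filter(None, "".join(fields[1:]).split(":")):
        op = element[0] if element[0] in "!-+" else ""
        name = element[len(op):]
        if not selects_null(name):
            continue
        if op == "!":        # permanently removed, cannot be re-added later
            enabled, killed = False, True
        elif op == "-":      # removed, but a later element may add it back
            enabled = False
        elif op == "+":      # moves matching suites to the end, adds nothing
            findings.append("'%s' only reorders suites already in the list" % element)
        elif not killed:     # bare element: adds the suites
            enabled = True
            findings.append("'%s' enables suites with no encryption" % element)
    return enabled, findings

# Constructed sample directives (the hint's own setting is not shown on this page).
SAMPLES = [
    "SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL",
    "SSLCipherSuite ALL:!ADH:+HIGH: +eNULL",   # pasted with a stray space
    "SSLCipherSuite ALL:eNULL",
    "SSLCipherSuite HIGH:!eNULL:NULL-SHA",
]

if __name__ == "__main__":
    for line in SAMPLES:
        enabled, findings = audit_cipher_suite(line)
        print(line)
        print("  NULL ciphers enabled:", enabled)
        for note in findings:
            print("  -", note)
```

On a real server, `openssl ciphers -v '<list>'` prints the suites a given list actually expands to for the installed OpenSSL build.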
Hi
Great info on SSL - i've also implemented the 'better' cipher,
Also I think that the info in this link: http://developer.apple.com/internet/serverside/modssl.html could be of interest to all.
Quote from above article:
'You'll be asked for some information when you start this. Most of it is pretty self explanatory, but one item, in particular, is not. Here's what you'll be asked for:
Country Name (2 letter code) [AU]: (enter your country code here)
State or Province Name (full name) [Some-State]: (Enter your state here)
Locality Name (eg, city) []: (enter your city here)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: (enter something here)
Organizational Unit Name (eg, section) []: (enter something here)
Common Name (eg, YOUR name) []: (this is the important one)
Email Address []: (your e-mail address)
The entry for 'Common Name' is the one that seems like it should be one thing, but is, in fact, another. For this entry, you want to enter your 'Server Name' as it appears in your httpd.conf (which you'll be modifying soon). As this is just a development environment, you can enter 127.0.0.1, which is the default IP for 'localhost'. Now, keep in mind that using 127.0.0.1 is not the same as using 'localhost'. The strings either match, or they don't — Unix is like that.'
...
...
'First, you need to comment out the 'Port' directive by placing a '#' in front of the line.
Port 80 should be changed to #Port 80. You will need to add the following just below where the Port directive was:
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfModule mod_ssl.c>
Listen 443
Listen 80
</IfModule>
Adding these lines tells the server to be aware of traffic on port 80 (the standard HTTP port) and port 443 (the HTTPS port). This allows your SSL aware Apache installation to serve non-secure documents on port 80, while it is serving secure documents on 443.'
- Might be trivial to some but crucial none the less :-)
- Michael
Thanks for the article! One question... anyone know the trick to get this to work for apache2 from fink? I did /sw/sbin/apachectl start and apache starts fine, but nothing is listening on the https port. Tried nmap too and nothing is there. Did have to take out the AddModule since that is gone in apache2, but what else do I have to do to enable mod ssl?
Nice how-to .. I'd elide the cert generation a bit, and just use the single command-line invocation below:
openssl req -days 720 -new -keyout <HOSTNAME>.key -out <HOSTNAME>.crt -nodes -x509
(where you replace the string '<HOSTNAME>' with the name of the web server, e.g. the name that's in the https:// url.)
The -days string will make it so the cert doesn't expire for 2 years, which I find reasonable for a personal https:// webserver.
The command will produce two files:
your.host.name.crt
your.host.name.key
Place those in a safe location, make sure the key is readable only by root, and reference the full path in Apache .. you're set.
Thanks!! This is a GREAT hint.
Of course, I've done this (and similar suggestions from other sources), and I still can't get my Mac to serve https.
I am trying to set up a secure (https) server on the same domain as my non-secure server. In other words: I want http://www.domain.com to be a regular http server and https://www.domain.com to be a secure https server.
I have tried this (assume the missing brackets, please):
VirtualHost *:80
     DocumentRoot /Library/WebServer/Documents
     ErrorLog /private/var/log/httpd/error_log
/VirtualHost
VirtualHost *:443
    DocumentRoot /Library/WebServer/Secure
    ErrorLog /private/var/log/httpd/error_log2
    SSLEngine on
/VirtualHost
in my httpd.conf file (with the SSLCertificateFile and SSLCertificateKey directives coming earlier in the file (I tried to include them in the virtualhost container, but Apache said no...and would not start)
I also tried the ssl.conf file suggested here, and I tried adding the directives in the ssl.conf file to the httpd.conf file.
Apache started with no hiccups each time.
The mod_ssl is loaded and added
But when I try to access www.domain.com which points to my Mac (10.3.7 client, NOT server)I do fine with the http:// connection (on port 80), but when I try an https:// connection (even if I specify :443) it tells me it cannot find the server.
Ports 80 and 443 are open (personal web sharing is on and I manually opened 443) in Sharing Preferences, and I have routed them to my Mac through my Airport Extreme Base Station's port mapping.
Any suggestions would be very much appreciated!
Thanks!!!
I have three questions:
1) Everything seemed to work until I noticed that the result of Step 4 showed that the certificate was ONLY valid for 360 days (1 year), and not as entered in step 3; 3650 days (10 years). I have tried several times and I keep getting the same result. Anybody have a clue and advice?
2) When I get this all installed, will ALL pages served by the Mac Os X Apache server be run as SSL (https://blabla)?
3) Can people choose to see the same pages as normal non-ssl encrypted (http://blabla), depending on if they use the 's' after http in the url?
Your guide seems pretty simple compared to the documentation I have seen elsewhere for ssl implementation in Apache/mac osx. Looking forward to seeing it working!
regards,
Davidw
Notes from newbie:
was trying to do above. all worked fine when i did local access via 127.0.0.1 but when i tried using external address it didn't work.
i'm assuming you have to manually add port 443 to sharing firewall (in addition to 80 & 427).
when i tried to add this via the SystemPreferences GUI, it wouldn't allow me to edit so i had to hack the Library/Preferences/...firewall.plist file manually.
anyone know why? anyways, hope this may be helpful to the next person.
You should be able to add new ports to the firewall configuration in System Preferences by going to Sharing and pick the Firewall tab there. There's a New button there -- this produces a list of protocols, but you can select Other and enter a range of ports.
Checking/enabling the 'Personal Web Sharing' box in the 'Sharing' preference panel covers ports 80, 427, and 443 already -- at least in Mac OS X 10.4.8
People can try to access your secure site with http://your site.com; however, you can keep them out with a little simple PHP code at the top of your secure site web pages:
$port=$_SERVER['SERVER_PORT'];
if($port<>'443') :
// insecure site code goes here
exit();
endif ;
I had a similar problem and found at least a workaround if not the specific cause. Prior to this step, edit the /System/Library/OpenSSL/openssl.cnf file and change:
default_days = 365
to
default_days = 3650
Then the cert will reflect 10 years. I'm guessing the config file options take precedence over command line flags.
Excellent instructions, but things break down at the signing stage. I received:
Using configuration from /System/Library/OpenSSL/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
3627:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
3627:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
unable to load CA private key
Signed certificate is in newcert.pem
I retraced my steps - What went wrong?
Cheers
amongst others but it's nice to see that it still works!
Should have used the Apple certified document first place:
http://developer.apple.com/internet/serverside/modssl.html
thanks anyway.
I used this guide very successfully on Tiger. Thanks for the article.
Unfortunately, Leopard uses Apache 2, which seems to operate differently as SSL serving no longer works as before.
Is there any chance of an update to bring us all up to scratch?
Thanks, again!
Thank you for the post! Very useful.
For Mac OS 10.5.8, please check this post for additional information:
http://hints.macworld.com/article.php?story=20080628074917113
and please note that 'cacert.pem' is in the 'demoCA' folder.
Configure SSL on Lion's Apache:
http://apple.stackexchange.com/questions/25434/configuring-ssl-with-apache-under-lion
...otherwise, the above instructions generate the following error on Lion's apache:
bash-3.2# /System/Library/OpenSSL/misc/CA.pl -signreq
Using configuration from /System/Library/OpenSSL/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
16021:error:02001002:system library:fopen:No such file or directory:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:356:fopen('./demoCA/private/cakey.pem','r')
16021:error:20074002:BIO routines:FILE_CTRL:system lib:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:358:
unable to load CA private key
Signed certificate is in newcert.pem
(The signed certificate it claims that it makes after all of those errors is, in fact, not valid nor legitimate. It has no functionality and is neither signed nor certified.)
Here is my definitive guide to getting a local web server running on OS X 10.14 “Mojave”. This is meant to be a development platform so that you can build and test your sites locally, then deploy to an internet server. This User Tip only contains instructions for configuring the Apache server, PHP module, and Perl module. I have another User Tip for installing and configuring MySQL and email servers.
Note: This user tip is specific to macOS 10.14 “Mojave”. Pay attention to your OS version. There have been significant changes since earlier versions of macOS.
Another note: These instructions apply to the client versions of OS X, not Server. Server does a few specific tricks really well and is a good choice for those. For things like database, web, and mail services, I have found it easier to just set up the client OS version manually.
Requirements:
- Basic understanding of Terminal.app and how to run command-line programs.
- Basic understanding of web servers.
- Basic usage of vi. You can substitute nano if you want.
Optional: Xcode is required for adding PHP modules.
Lines in bold are what you will have to type in. Lines in bold courier should be typed at the Terminal.
Replace <your short user name> with your short user name.
Here goes... Enjoy!
To get started, edit the Apache configuration file as root:
sudo vi /etc/apache2/httpd.conf
Enable PHP by uncommenting line 177, changing:
#LoadModule php7_module libexec/apache2/libphp7.so
to
LoadModule php7_module libexec/apache2/libphp7.so
(If you aren't familiar with vi, go to line 177 by typing '177G' (without the quotes). Then just press 'x' over the '#' character to delete it. Then type ':w!' to save, or just 'ZZ' to save and quit. Don't do that yet though. More changes are still needed.)
If you want to run Perl scripts, you will have to do something similar:
Enable Perl by uncommenting line 178, changing:
#LoadModule perl_module libexec/apache2/mod_perl.so
to
LoadModule perl_module libexec/apache2/mod_perl.so
Enable personal websites by uncommenting the following at line 174:
#LoadModule userdir_module libexec/apache2/mod_userdir.so
to
LoadModule userdir_module libexec/apache2/mod_userdir.so
and do the same at line 511:
#Include /private/etc/apache2/extra/httpd-userdir.conf
to
Include /private/etc/apache2/extra/httpd-userdir.conf
Now save and quit.
Open the file you just enabled above with:
sudo vi /etc/apache2/extra/httpd-userdir.conf
and uncomment the following at line 16:
#Include /private/etc/apache2/users/*.conf
to
Include /private/etc/apache2/users/*.conf
Save and exit.
Lion and later versions no longer create personal web sites by default. If you already had a Sites folder in Snow Leopard, it should still be there. To create one manually, enter the following:
mkdir ~/Sites
echo '<html><body><h1>My site works</h1></body></html>' > ~/Sites/index.html.en
While you are in /etc/apache2, double-check to make sure you have a user config file. It should exist at the path: /etc/apache2/users/<your short user name>.conf.
That file may not exist and if you upgrade from an older version, you may still not have it. It does appear to be created when you create a new user. If that file doesn't exist, you will need to create it with:
sudo vi /etc/apache2/users/<your short user name>.conf
Use the following as the content:
<Directory '/Users/<your short user name>/Sites/'>
AddLanguage en .en
AddHandler perl-script .pl
PerlHandler ModPerl::Registry
Options Indexes MultiViews FollowSymLinks ExecCGI
AllowOverride None
Require host localhost
</Directory>
Now you are ready to turn on Apache itself. But first, do a sanity check. Sometimes copying and pasting from an internet forum can insert invisible, invalid characters into config files. Check your configuration by running the following command in the Terminal:
apachectl configtest
If this command returns 'Syntax OK' then you are ready to go. It may also print a warning saying 'httpd: Could not reliably determine the server's fully qualified domain name'. You could fix this by setting the ServerName directive in /etc/apache2/httpd.conf and adding a matching entry into /etc/hosts. But for a development server, you don't need to do anything. You can just ignore that warning. You can safely ignore other warnings too.
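Added example (not from the original User Tip): a Python pre-check for the two things the sanity check above is meant to catch, invisible or non-ASCII characters pasted into a config file and directives that are still commented out. The function names and the sample config are constructed for illustration; directives are matched by content because the line numbers quoted above vary between releases.

```python
import re
import sys
import unicodedata

# Lines the walkthrough uncomments (the Perl module is optional, so it is not listed).
REQUIRED = (
    "LoadModule php7_module libexec/apache2/libphp7.so",
    "LoadModule userdir_module libexec/apache2/mod_userdir.so",
    "Include /private/etc/apache2/extra/httpd-userdir.conf",
)

def find_suspect_chars(text):
    """Return (line, column, name) for every non-ASCII or control character."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if ch != "\t" and (ord(ch) > 126 or ord(ch) < 32):
                hits.append((lineno, col, unicodedata.name(ch, "U+%04X" % ord(ch))))
    return hits

def directive_state(text, directive):
    """Return 'enabled', 'commented' or 'missing' for one directive line."""
    state = "missing"
    for line in text.split("\n"):
        body = line.strip(" \t")
        commented = body.startswith("#")
        # Normalise ASCII whitespace only: a no-break space must not match.
        body = " ".join(re.split(r"[ \t]+", body.lstrip("#").strip(" \t")))
        if body == directive:
            if not commented:
                return "enabled"
            state = "commented"
    return state

def audit(text, required=REQUIRED):
    """Combine both checks into one report."""
    return {"suspect": find_suspect_chars(text),
            "directives": {d: directive_state(text, d) for d in required}}

# Constructed sample: one directive still commented, one containing a
# no-break space, and a <Directory> line with pasted curly quotes.
SAMPLE = (
    "LoadModule userdir_module libexec/apache2/mod_userdir.so\n"
    "#LoadModule php7_module libexec/apache2/libphp7.so\n"
    "Include\u00a0/private/etc/apache2/extra/httpd-userdir.conf\n"
    "<Directory \u201c/Users/example/Sites/\u201d>\n"
)

if __name__ == "__main__":
    # Pass a config path as the first argument, or run on the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    report = audit(text)
    for lineno, col, name in report["suspect"]:
        print("line %d col %d: %s" % (lineno, col, name))
    for directive, state in report["directives"].items():
        print("%-9s %s" % (state, directive))
```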
Turn on the Apache httpd service by running the following command in the Terminal:
sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
In Safari, navigate to your web site with the following address:
http://localhost/
It should say:
It works!
Now try your user home directory:
http://localhost/~<your short user name>
It should say:
My site works
Now try PHP. Create a PHP info file with:
echo '<?php echo phpinfo(); ?>' > ~/Sites/info.php
And test it by entering the following into Safari's address bar:
http://localhost/~<your short user name>/info.php
You should see your PHP configuration information.
To test Perl, try something similar. Create a Perl test file with:
echo 'print $ENV{MOD_PERL} . qq{\n};' > ~/Sites/info.pl
And test it by entering the following into Safari's address bar:
http://localhost/~<your short user name>/info.pl
You should see the string 'mod_perl/2.0.9'.
If you want to setup MySQL, see my User Tip on Installing MySQL.
If you want to add modules to PHP, I suggest the following site. I can't explain it any better.
If you want to make further changes to your Apache system or user config files, you will need to restart the Apache server with:
sudo apachectl graceful