Posted to commits@whimsical.apache.org by ru...@apache.org on 2018/02/09 16:25:09 UTC
[whimsy] branch master updated: rough in instructions for a separate httpd instance
This is an automated email from the ASF dual-hosted git repository.
rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 79cc968 rough in instructions for a separate httpd instance
79cc968 is described below
commit 79cc9681b52109ff9c7c88d5bf69601ba4c7e2d5
Author: Sam Ruby <ru...@intertwingly.net>
AuthorDate: Fri Feb 9 11:24:48 2018 -0500
rough in instructions for a separate httpd instance
---
MACOSX.md | 297 ++++++++++++++++++++++++++++++--------------------------------
1 file changed, 146 insertions(+), 151 deletions(-)
diff --git a/MACOSX.md b/MACOSX.md
index b4bb0d0..0daaac8 100644
--- a/MACOSX.md
+++ b/MACOSX.md
@@ -121,6 +121,13 @@ git remote add github git@github.com:apache/whimsy.git
git remote add asf https://gitbox.apache.org/repos/asf/whimsy.git
```
+Establish a link to this repository in a known location:
+
+```
+cd whimsy
+sudo mkdir /srv
+sudo ln -s `pwd` /srv/whimsy
+```
Configure LDAP
--------------
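Review bot: `sudo mkdir /srv` in the new "Establish a link" block fails when `/srv` already exists, and the unquoted `pwd` substitution on the `ln -s` line breaks if the clone path contains a space; suggest `sudo mkdir -p /srv` and `sudo ln -s "$(pwd)" /srv/whimsy`. The context lines just above are `git remote add` commands, which are run from inside the clone, so the `cd whimsy` that follows looks out of place; please state which directory the reader is expected to be in at this point.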
@@ -153,124 +160,142 @@ Notes:
* The `ldapsearch` command is the standard LDAP utility on MacOSX.
-Start Apache httpd
+Install Apache httpd
------------------
-Running Whimsy tools locally depends on httpd. Install:
+Running Whimsy tools locally depends on httpd. Apple provides a copy of httpd that has [known problems](https://github.com/phusion/passenger/issues/1986), so installing a separate copy of httpd is recommended. An optional later step in this process will forward traffic based on the hostname.
+
+Install with LDAP support:
```
-sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
+brew install apache-httpd
+brew install openldap --with-sssvlv
+brew reinstall -s apr-util --with-openldap
+brew reinstall -s apache-httpd
```
-Verify:
+Install passenger
+-------------------
```
-$ curl localhost
-<html><body><h1>It works!</h1></body></html>
+brew install passenger
+mkdir /usr/local/opt/httpd/conf
```
-Notes:
+create `/usr/local/opt/httpd/conf/passenger.conf` from the output from `brew info passenger` (note new location of passenger.conf file: was `/etc/apache2/other`).
- * `sudo lsof -i:80` may be helpful should you find that another process
- already has port 80 open.
- * `sudo apachectl restart` is how you restart apache; launchctl itself is for
- controlling what processes automatically start at startup.
- * If `curl` gives `Connection refused` then try kicking httpd:
- * `sudo /usr/sbin/apachectl stop`
- * `sudo /usr/sbin/httpd`
- * If it works, then press CTRL-C and `sudo /usr/sbin/apachectl start`
- * If it gave you `AH00526: Syntax error on line 20 of /private/etc/apache2/extra/httpd-mpm.conf`
- then you may need to [delete the LockFile section](https://apple.stackexchange.com/questions/211015/el-capitan-apache-error-message-ah00526).
+ * Change `/usr/bin/ruby` to where you have Ruby installed. If you followed the instructions above, this will be `/usr/local/bin/ruby`. If you use rbenv or another tool to manage your Ruby installs, use that location instead.
+ * Optional: add `PassengerUser _www` and `PassengerGroup _www` lines if you would like your passenger applications to run under the web user.
-Configure Apache httpd to run under your user id
-------------------------------------------------
+Configure `whimsy.local`
+-------------------
-First, lock down Apache so that it can only be accessed from your localhost
-(using either IPv4 or IPv6). As you will be configuring Apache httpd to be
-running with your ID, this will prevent external hackers from exploiting that
-code to update your filesystem and do other nasty things.
+`cp /srv/whimsy/config/whimsy.conf /usr/local/opt/httpd/conf/`
-Edit `/etc/apache2/httpd.conf` using sudo and your favorite text editor.
-Locate the first line that says `Require all granted`. This should be around
-line 263 at the end of the section `Directory "/Library/WebServer/Documents"` or similar
-Replace that line with the following four lines:
+edit `/usr/local/opt/httpd/conf/whimsy.conf`:
-```
-<RequireAny>
- Require ip 127.0.0.1
- Require ip ::1
-</RequireAny>
-```
+ * change `:80` to `:8080`
+ * change `ErrorLog` and `Custlog` to `/usr/local/var/log/httpd/whimsy_error.log` and `/usr/local/var/log/httpd/whimsy_access.log` respectively.
-Find the next occurence of `Require all granted`. It should now be around
-line 386 in the section `Directory "/Library/WebServer/CGI-Executables` or similar
-Replace it with `Require all denied`.
+Complete Apache configuration
+------------------
-Now go back to the top of the file and search for `User`. Replace the first
-`_www` with your local user id. This may be different than your ASF availid --
-that's OK. Your local user id is the response to `whoami`.
-Replace the second `_www` with `staff` (that's the group name).
+edit `/usr/local/etc/httpd/httpd.conf`:
-Save your changes.
+* Uncomment each of the following lines:
+ <pre>
+ `LoadModule proxy_module lib/httpd/modules/mod_proxy.so
+ LoadModule proxy_wstunnel_module lib/httpd/modules/mod_proxy_wstunnel.so
+ LoadModule speling_module lib/httpd/modules/mod_speling.so
+ LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
+ LoadModule expires_module lib/httpd/modules/mod_expires.so
+ LoadModule cgi_module lib/httpd/modules/mod_cgi.so`
+ </pre>
+
+* Append the following:
+ <pre>
+ `LoadModule ldap_module lib/httpd/modules/mod_ldap.so
+ LoadModule authnz_ldap_module lib/httpd/modules/mod_authnz_ldap.so
+ LDAPVerifyServerCert Off
+ Include conf/passenger.conf
+ Include conf/whimsy.conf`
+ </pre>
-Restart Apache httpd using `sudo apachectl restart`.
-Verify that you can continue to access the server by re-issuing the following
-command:
+Launch the server using:
```
-$ curl localhost
-<html><body><h1>It works!</h1></body></html>
+brew services start httpd
```
-Make whimsy.local an alias for your machine
--------------------------------------------
-
-Edit `/etc/hosts` using sudo and your favorite text editor.
-
-Find either line that contains the word `localhost` and add `whimsy.local` to
-it. For example, if you chose what is likely to be the final line in the file
-and update it, it would look like this:
+Verify:
```
-::1 localhost whimsy.local
+$ curl curl -s localhost:8080 | grep '<title>'
+ <title>Apache Whimsy</title>
```
-Save your changes.
+This may fail on High Sierra with a [We cannot safely call it or ignore it in
+the fork() child process. Crashing
+instead.](https://blog.phusion.nl/2017/10/13/why-ruby-app-servers-break-on-macos-high-sierra-and-what-can-be-done-about-it/) message in your `/var/log/apache/error.log` file. If so, do the following:
-Verify that you can access the server using this new alias:
+Edit `/usr/local/opt/httpd/homebrew.mxcl.httpd.plist` and add the following:
```
-$ curl whimsy.local
-<html><body><h1>It works!</h1></body></html>
+<key>EnvironmentVariables</key>
+<dict>
+ <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key>
+ <string>YES</string>
+ <key>XPC_SERVICES_UNAVAILABLE</key>
+ <string>1</string>
+</dict>
```
-Install passenger
-------------------------------------------------
+edit `/usr/local/opt/httpd/bin/envvars`, add:
-Follow the [Installing Passenger + Apache on Mac OS X](https://www.phusionpassenger.com/library/install/apache/install/oss/osx/) instructions, which are summaried below:.
+```
+OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+```
-Install:
+Restart Apache httpd using:
```
-$ brew install passenger
-$ brew info passenger
+apachectl restart
```
-For the second step (`brew info passenger`), you will need to
-follow the instructions -- which essentially is to copy a few lines to
-to a specified location. If your ruby is installed in `/usr/local/bin`, change the last line to
+Additional Notes:
+
+ * `sudo lsof -i:8080` may be helpful should you find that another process
+ already has port 8080 open.
+ * `apachectl restart` is how you restart apache; `brew services start` itself is for
+ controlling what processes automatically start at startup.
+ * If `curl` gives `Connection refused` then try kicking httpd:
+ * `/usr/sbin/apachectl stop`
+ * `/usr/sbin/httpd`
+ * If it works, then press CTRL-C and `/usr/sbin/apachectl start`
+ * If it gave you `AH00526: Syntax error on line 20 of /usr/local/etc/httpd/extra/httpd-mpm.conf`
+ then you may need to [delete the LockFile section](https://apple.stackexchange.com/questions/211015/el-capitan-apache-error-message-ah00526).
+
+Make whimsy.local an alias for your machine
+-------------------------------------------
+
+Edit `/etc/hosts` using sudo and your favorite text editor.
+
+Find either line that contains the word `localhost` and add `whimsy.local` to
+it. For example, if you chose what is likely to be the final line in the file
+and update it, it would look like this:
```
-PassengerDefaultRuby /usr/local/bin/ruby
+::1 localhost whimsy.local
```
-Likewise, if you used `rbenv` to manage your ruby install, point to that location instead.
+Save your changes.
-Restart the server:
+Verify that you can access the server using this new alias:
```
-sudo apachectl restart
+$ curl -s whimsy.local:8080 | grep '<title>'
+ <title>Apache Whimsy</title>
```
Verify:
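Review bot: `LDAPVerifyServerCert Off` in the "Append the following" block turns off LDAP server certificate checking with no comment on why or on its scope; please add a sentence saying it is a local-development shortcut, or point the reader at trusting the LDAP CA instead (mod_ldap's `LDAPTrustedGlobalCert`). The deleted section that restricted httpd to `127.0.0.1` and `::1` has no counterpart for the new instance on port 8080, so a step such as adding `Require local` to the copied `whimsy.conf` would keep that protection. Smaller points: the Verify command reads `curl curl -s localhost:8080`, `Custlog` should be `CustomLog`, the install uses `apache-httpd` while the service is started as `httpd`, the High Sierra paragraph still points at `/var/log/apache/error.log` while the whimsy logs are configured under `/usr/local/var/log/httpd/`, the Additional Notes still call `/usr/sbin/apachectl` and `/usr/sbin/httpd` (the system copy), and the backticks inside the `<pre>` blocks will render literally.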
@@ -278,117 +303,87 @@ Verify:
Check that the server information includes 'Phusion_Passenger':
```
-$ curl --head whimsy.local
+$ curl --head whimsy.local:8080
HTTP/1.1 200 OK
-Date: Fri, 19 Aug 2016 12:23:23 GMT
-Server: Apache/2.4.18 (Unix) Phusion_Passenger/5.0.30
-Content-Location: index.html.en
-Vary: negotiate
-TCN: choice
-Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
-ETag: "2d-432a5e4a73a80"
+Date: Thu, 08 Feb 2018 16:33:56 GMT
+Server: Apache/2.4.29 (Unix) Phusion_Passenger/5.2.0
+Last-Modified: Thu, 08 Feb 2018 16:30:06 GMT
+ETag: "25a1-564b5ecaa5f80"
Accept-Ranges: bytes
-Content-Length: 45
+Content-Length: 9633
Content-Type: text/html
```
-This may fail on High Sierra with a [We cannot safely call it or ignore it in
-the fork() child process. Crashing
-instead.](https://blog.phusion.nl/2017/10/13/why-ruby-app-servers-break-on-macos-high-sierra-and-what-can-be-done-about-it/) message in your `/var/log/apache/error.log` file. If so, do the following:
-
-```
-cp /System/Library/LaunchDaemons/org.apache.httpd.plist /Library/LaunchDaemons/
-```
+Optional: forward `whimsy.local` traffic to port 8080
+-------------------------
-Edit ` /Library/LaunchDaemons/org.apache.httpd.plist` and add the following to
-`EnvironmentVariables/Dict`:
+Edit `/etc/apache2/httpd.conf` and uncomment out the following lines:
```
- <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key>
- <string>YES</string>
+LoadModule proxy_module libexec/apache2/mod_proxy.so
+LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
```
-Finally:
+Create `/private/etc/apache2/other/localhost.conf` with the following contents:
```
-sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist
-sudo launchctl load -w /Library/LaunchDaemons/org.apache.httpd.plist
-```
-
-N.B. Because of System Integrity Protection (SIP), it's not possible to edit files under /System.
-So the change is made to a copy.
-However the original location is baked into apachectl which is also protected by SIP.
-This means apachectl ignores the change.
-A work-round for this is to create an updated copy of apachectl somewhere further up the path.
-
-Configure whimsy.local vhost
-----------------------------
-
-Once again, Edit `/etc/apache2/httpd.conf` using sudo and your favorite text editor.
-
-Uncomment out the following lines:
+NameVirtualHost *:80
+<VirtualHost *:80>
+ ServerName localhost
+ DocumentRoot /usr/local/var/www
+ <Location />
+ Require all granted
+ </Location>
+</VirtualHost>
```
-LoadModule proxy_module libexec/apache2/mod_proxy.so
-
-LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so
-
-LoadModule speling_module libexec/apache2/mod_speling.so
-LoadModule rewrite_module libexec/apache2/mod_rewrite.so
+Create `/private/etc/apache2/other/whimsy.conf` with the following contents:
-LoadModule authnz_ldap_module libexec/apache2/mod_authnz_ldap.so
+```
+<VirtualHost *:80>
+ ServerName whimsy.local
-LoadModule ldap_module libexec/apache2/mod_ldap.so
+ ProxyRequests off
+ ProxyPreserveHost On
-LoadModule expires_module libexec/apache2/mod_expires.so
+ LogLevel warn
+ ErrorLog /var/log/apache2/whimsy_error.log
+ CustomLog /var/log/apache2/whimsy_access.log combined
-LoadModule cgi_module libexec/apache2/mod_cgi.so
+ <Location />
+ ProxyPass http://whimsy.local:8080/
+ ProxyPassReverse http://whimsy.local:8080/
+ Require all granted
+ </Location>
+</VirtualHost>
```
-Add the following line:
+If you don't have the system httpd already running, start it with:
```
-LDAPVerifyServerCert Off
+sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
```
-Copy whimsy vhost definition to your apache2 configuration (from the root of your whimsy git clone):
+If the system httpd is already running, restart it:
```
-sudo cp config/whimsy.conf /private/etc/apache2/other
+/usr/sbin/apachectl restart
```
-Also from the root of your whimsy git checkout, make a `/srv/cache` directory
-owned by you, and establish a symbolic link to your whimsy git clone directory:
+Test:
```
-sudo mkdir -p /srv/cache
-sudo chown `id -un`:`id -gn` /srv/cache
-sudo ln -s `pwd` /srv/whimsy
-```
-
-Restart Apache httpd using `sudo apachectl restart`.
+$ curl -s --head localhost | grep Server
+Server: Apache/2.4.28 (Unix)
+$ curl -s --head whimsy.local | grep Server
+Server: Apache/2.4.29 (Unix) Phusion_Passenger/5.2.0
-Verify:
-
-+ **Static content**: Visit [http://whimsy.local/](http://whimsy.local). You
- should see the [whimsy home page](https://whimsy.apache.org/).
-+ **CGI scripts**: Visit
- [http://whimsy.local/test.cgi](http://whimsy.local/test.cgi). You should see
- a list of environment variables. Compare with [test.cgi on
- whimsy](https://whimsy.apache.org/test.cgi).
-+ **Passenger/Rack applications**: Visit
- [http://whimsy.local/racktest](http://whimsy.local/racktest). You should see
- a list of environment variables. Compare with [racktest on
- whimsy](https://whimsy.apache.org/racktest).
-
-Compare the `PATH` values with your local (command line) environment.
-Various whimsy tools will make use of a number of commands (`svn`, `pdftk`)
-and it is important that these tools (and the correct version of each) can
-be found on the `PATH` defined to the Apache httpd web server. If you find
-you need to adjust this, edit the `SetEnv PATH` line in
-`/etc/apache2/other/whimsy.conf`, restart the server and verify the path
-again.
+$ curl localhost
+<html><body><h1>It works!</h1></body></html>
+$ curl -s whimsy.local | grep '<title>'
+ <title>Apache Whimsy</title>
+```
Configure sending of mail
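Review bot: both new port 80 vhosts (`localhost.conf` and `whimsy.conf` under `/private/etc/apache2/other/`) use `Require all granted` on `*:80`, and this patch removes the earlier step that limited the system httpd to `127.0.0.1` and `::1`, so the proxy to `whimsy.local:8080` answers any client that can reach the machine; suggest `Require local` in both `<Location />` blocks. `NameVirtualHost *:80` is unnecessary on the 2.4 server shown in the Test output, `/usr/sbin/apachectl restart` for the system httpd will likely need `sudo` as the old text had, "uncomment out" should read "uncomment", and the removed `/srv/cache` creation plus the `test.cgi`, `racktest` and `PATH` checks have no replacement in the visible hunks.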