This is an automated email from the ASF dual-hosted git repository. rubys pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push: new 79cc968 rough in instructions for a separate httpd instance 79cc968 is described below commit 79cc9681b52109ff9c7c88d5bf69601ba4c7e2d5 Author: Sam Ruby <ru...@intertwingly.net> AuthorDate: Fri Feb 9 11:24:48 2018 -0500 rough in instructions for a separate httpd instance --- MACOSX.md | 297 ++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 146 insertions(+), 151 deletions(-) diff --git a/MACOSX.md b/MACOSX.md index b4bb0d0..0daaac8 100644 --- a/MACOSX.md +++ b/MACOSX.md @@ -121,6 +121,13 @@ git remote add github g...@github.com:apache/whimsy.git git remote add asf https://gitbox.apache.org/repos/asf/whimsy.git ``` +Establish a link to this repository in a known location: + +``` +cd whimsy +sudo mkdir /srv +sudo ln -s `pwd` /srv/whimsy +``` Configure LDAP -------------- 
@@ -153,124 +160,142 @@ Notes: * The `ldapsearch` command is the standard LDAP utility on MacOSX. -Start Apache httpd +Install Apache httpd ------------------ -Running Whimsy tools locally depends on httpd. Install: +Running Whimsy tools locally depends on httpd. Apple provides a copy of httpd that has [known problems](https://github.com/phusion/passenger/issues/1986), so installing a separate copy of httpd is recommended. An optional later step in this process will forward traffic based on the hostname. + +Install with LDAP support: ``` -sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist +brew install apache-httpd +brew install openldap --with-sssvlv +brew reinstall -s apr-util --with-openldap +brew reinstall -s apache-httpd ``` -Verify: +Install passenger +------------------- ``` -$ curl localhost -<html><body><h1>It works!</h1></body></html> +brew install passenger +mkdir /usr/local/opt/httpd/conf ``` -Notes: +create `/usr/local/opt/httpd/conf/passenger.conf` from the output from `brew info passenger` (note new location of passenger.conf file: was `/etc/apache2/other`). - * `sudo lsof -i:80` may be helpful should you find that another process - already has port 80 open. - * `sudo apachectl restart` is how you restart apache; launchctl itself is for - controlling what processes automatically start at startup. - * If `curl` gives `Connection refused` then try kicking httpd: - * `sudo /usr/sbin/apachectl stop` - * `sudo /usr/sbin/httpd` - * If it works, then press CTRL-C and `sudo /usr/sbin/apachectl start` - * If it gave you `AH00526: Syntax error on line 20 of /private/etc/apache2/extra/httpd-mpm.conf` - then you may need to [delete the LockFile section](https://apple.stackexchange.com/questions/211015/el-capitan-apache-error-message-ah00526). + * Change `/usr/bin/ruby` to where you have Ruby installed. If you followed the instructions above, this will be `/usr/local/bin/ruby`. 
If you use rbenv or another tool to manage your Ruby installs, use that location instead. + * Optional: add `PassengerUser _www` and `PassengerGroup _www` lines if you would like your passenger applications to run under the web user. -Configure Apache httpd to run under your user id ------------------------------------------------- +Configure `whimsy.local` +------------------- -First, lock down Apache so that it can only be accessed from your localhost -(using either IPv4 or IPv6). As you will be configuring Apache httpd to be -running with your ID, this will prevent external hackers from exploiting that -code to update your filesystem and do other nasty things. +`cp /srv/whimsy/config/whimsy.conf /usr/local/opt/httpd/conf/` -Edit `/etc/apache2/httpd.conf` using sudo and your favorite text editor. -Locate the first line that says `Require all granted`. This should be around -line 263 at the end of the section `Directory "/Library/WebServer/Documents"` or similar -Replace that line with the following four lines: +edit `/usr/local/opt/httpd/conf/whimsy.conf`: -``` -<RequireAny> - Require ip 127.0.0.1 - Require ip ::1 -</RequireAny> -``` + * change `:80` to `:8080` + * change `ErrorLog` and `Custlog` to `/usr/local/var/log/httpd/whimsy_error.log` and `/usr/local/var/log/httpd/whimsy_access.log` respectively. -Find the next occurence of `Require all granted`. It should now be around -line 386 in the section `Directory "/Library/WebServer/CGI-Executables` or similar -Replace it with `Require all denied`. +Complete Apache configuration +------------------ -Now go back to the top of the file and search for `User`. Replace the first -`_www` with your local user id. This may be different than your ASF availid -- -that's OK. Your local user id is the response to `whoami`. -Replace the second `_www` with `staff` (that's the group name). +edit `/usr/local/etc/httpd/httpd.conf`: -Save your changes. 
+* Uncomment each of the following lines: + <pre> + `LoadModule proxy_module lib/httpd/modules/mod_proxy.so + LoadModule proxy_wstunnel_module lib/httpd/modules/mod_proxy_wstunnel.so + LoadModule speling_module lib/httpd/modules/mod_speling.so + LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so + LoadModule expires_module lib/httpd/modules/mod_expires.so + LoadModule cgi_module lib/httpd/modules/mod_cgi.so` + </pre> + +* Append the following: + <pre> + `LoadModule ldap_module lib/httpd/modules/mod_ldap.so + LoadModule authnz_ldap_module lib/httpd/modules/mod_authnz_ldap.so + LDAPVerifyServerCert Off + Include conf/passenger.conf + Include conf/whimsy.conf` + </pre> -Restart Apache httpd using `sudo apachectl restart`. -Verify that you can continue to access the server by re-issuing the following -command: +Launch the server using: ``` -$ curl localhost -<html><body><h1>It works!</h1></body></html> +brew services start httpd ``` -Make whimsy.local an alias for your machine -------------------------------------------- - -Edit `/etc/hosts` using sudo and your favorite text editor. - -Find either line that contains the word `localhost` and add `whimsy.local` to -it. For example, if you chose what is likely to be the final line in the file -and update it, it would look like this: +Verify: ``` -::1 localhost whimsy.local +$ curl curl -s localhost:8080 | grep '<title>' + <title>Apache Whimsy</title> ``` -Save your changes. +This may fail on High Sierra with a [We cannot safely call it or ignore it in +the fork() child process. Crashing +instead.](https://blog.phusion.nl/2017/10/13/why-ruby-app-servers-break-on-macos-high-sierra-and-what-can-be-done-about-it/) message in your `/var/log/apache/error.log` file. 
If so, do the following: -Verify that you can access the server using this new alias: +Edit `/usr/local/opt/httpd/homebrew.mxcl.httpd.plist` and add the following: ``` -$ curl whimsy.local -<html><body><h1>It works!</h1></body></html> +<key>EnvironmentVariables</key> +<dict> + <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key> + <string>YES</string> + <key>XPC_SERVICES_UNAVAILABLE</key> + <string>1</string> +</dict> ``` -Install passenger ------------------------------------------------- +edit `/usr/local/opt/httpd/bin/envvars`, add: -Follow the [Installing Passenger + Apache on Mac OS X](https://www.phusionpassenger.com/library/install/apache/install/oss/osx/) instructions, which are summaried below:. +``` +OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES +``` -Install: +Restart Apache httpd using: ``` -$ brew install passenger -$ brew info passenger +apachectl restart ``` -For the second step (`brew info passenger`), you will need to -follow the instructions -- which essentially is to copy a few lines to -to a specified location. If your ruby is installed in `/usr/local/bin`, change the last line to +Additional Notes: + + * `sudo lsof -i:8080` may be helpful should you find that another process + already has port 8080 open. + * `apachectl restart` is how you restart apache; `brew services start` itself is for + controlling what processes automatically start at startup. + * If `curl` gives `Connection refused` then try kicking httpd: + * `/usr/sbin/apachectl stop` + * `/usr/sbin/httpd` + * If it works, then press CTRL-C and `/usr/sbin/apachectl start` + * If it gave you `AH00526: Syntax error on line 20 of /usr/local/etc/httpd/extra/httpd-mpm.conf` + then you may need to [delete the LockFile section](https://apple.stackexchange.com/questions/211015/el-capitan-apache-error-message-ah00526). + +Make whimsy.local an alias for your machine +------------------------------------------- + +Edit `/etc/hosts` using sudo and your favorite text editor. 
+ +Find either line that contains the word `localhost` and add `whimsy.local` to +it. For example, if you chose what is likely to be the final line in the file +and update it, it would look like this: ``` -PassengerDefaultRuby /usr/local/bin/ruby +::1 localhost whimsy.local ``` -Likewise, if you used `rbenv` to manage your ruby install, point to that location instead. +Save your changes. -Restart the server: +Verify that you can access the server using this new alias: ``` -sudo apachectl restart +$ curl -s whimsy.local:8080 | grep '<title>' + <title>Apache Whimsy</title> ``` Verify: 
@@ -278,117 +303,87 @@ Verify: Check that the server information includes 'Phusion_Passenger': ``` -$ curl --head whimsy.local +$ curl --head whimsy.local:8080 HTTP/1.1 200 OK -Date: Fri, 19 Aug 2016 12:23:23 GMT -Server: Apache/2.4.18 (Unix) Phusion_Passenger/5.0.30 -Content-Location: index.html.en -Vary: negotiate -TCN: choice -Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT -ETag: "2d-432a5e4a73a80" +Date: Thu, 08 Feb 2018 16:33:56 GMT +Server: Apache/2.4.29 (Unix) Phusion_Passenger/5.2.0 +Last-Modified: Thu, 08 Feb 2018 16:30:06 GMT +ETag: "25a1-564b5ecaa5f80" Accept-Ranges: bytes -Content-Length: 45 +Content-Length: 9633 Content-Type: text/html ``` -This may fail on High Sierra with a [We cannot safely call it or ignore it in -the fork() child process. Crashing -instead.](https://blog.phusion.nl/2017/10/13/why-ruby-app-servers-break-on-macos-high-sierra-and-what-can-be-done-about-it/) message in your `/var/log/apache/error.log` file. If so, do the following: - -``` -cp /System/Library/LaunchDaemons/org.apache.httpd.plist /Library/LaunchDaemons/ -``` +Optional: forward `whimsy.local` traffic to port 8080 +------------------------- -Edit ` /Library/LaunchDaemons/org.apache.httpd.plist` and add the following to -`EnvironmentVariables/Dict`: +Edit `/etc/apache2/httpd.conf` and uncomment out the following lines: ``` - <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key> - <string>YES</string> +LoadModule proxy_module libexec/apache2/mod_proxy.so +LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so ``` -Finally: +Create `/private/etc/apache2/other/localhost.conf` with the following contents: ``` -sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist -sudo launchctl load -w /Library/LaunchDaemons/org.apache.httpd.plist -``` - -N.B. Because of System Integrity Protection (SIP), it's not possible to edit files under /System. -So the change is made to a copy. -However the original location is baked into apachectl which is also protected by SIP. 
-This means apachectl ignores the change. -A work-round for this is to create an updated copy of apachectl somewhere further up the path. - -Configure whimsy.local vhost ----------------------------- - -Once again, Edit `/etc/apache2/httpd.conf` using sudo and your favorite text editor. - -Uncomment out the following lines: +NameVirtualHost *:80 +<VirtualHost *:80> + ServerName localhost + DocumentRoot /usr/local/var/www + <Location /> + Require all granted + </Location> +</VirtualHost> ``` -LoadModule proxy_module libexec/apache2/mod_proxy.so - -LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so - -LoadModule speling_module libexec/apache2/mod_speling.so -LoadModule rewrite_module libexec/apache2/mod_rewrite.so +Create `/private/etc/apache2/other/whimsy.conf` with the following contents: -LoadModule authnz_ldap_module libexec/apache2/mod_authnz_ldap.so +``` +<VirtualHost *:80> + ServerName whimsy.local -LoadModule ldap_module libexec/apache2/mod_ldap.so + ProxyRequests off + ProxyPreserveHost On -LoadModule expires_module libexec/apache2/mod_expires.so + LogLevel warn + ErrorLog /var/log/apache2/whimsy_error.log + CustomLog /var/log/apache2/whimsy_access.log combined -LoadModule cgi_module libexec/apache2/mod_cgi.so + <Location /> + ProxyPass http://whimsy.local:8080/ + ProxyPassReverse http://whimsy.local:8080/ + Require all granted + </Location> +</VirtualHost> ``` -Add the following line: +If you don't have the system httpd already running, start it with: ``` -LDAPVerifyServerCert Off +sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist ``` -Copy whimsy vhost definition to your apache2 configuration (from the root of your whimsy git clone): +If the system httpd is already running, restart it: ``` -sudo cp config/whimsy.conf /private/etc/apache2/other +/usr/sbin/apachectl restart ``` -Also from the root of your whimsy git checkout, make a `/srv/cache` directory -owned by you, and establish a symbolic link to your 
whimsy git clone directory: +Test: ``` -sudo mkdir -p /srv/cache -sudo chown `id -un`:`id -gn` /srv/cache -sudo ln -s `pwd` /srv/whimsy -``` - -Restart Apache httpd using `sudo apachectl restart`. +$ curl -s --head localhost | grep Server +Server: Apache/2.4.28 (Unix) +$ curl -s --head whimsy.local | grep Server +Server: Apache/2.4.29 (Unix) Phusion_Passenger/5.2.0 -Verify: - -+ **Static content**: Visit [http://whimsy.local/](http://whimsy.local). You - should see the [whimsy home page](https://whimsy.apache.org/). -+ **CGI scripts**: Visit - [http://whimsy.local/test.cgi](http://whimsy.local/test.cgi). You should see - a list of environment variables. Compare with [test.cgi on - whimsy](https://whimsy.apache.org/test.cgi). -+ **Passenger/Rack applications**: Visit - [http://whimsy.local/racktest](http://whimsy.local/racktest). You should see - a list of environment variables. Compare with [racktest on - whimsy](https://whimsy.apache.org/racktest). - -Compare the `PATH` values with your local (command line) environment. -Various whimsy tools will make use of a number of commands (`svn`, `pdftk`) -and it is important that these tools (and the correct version of each) can -be found on the `PATH` defined to the Apache httpd web server. If you find -you need to adjust this, edit the `SetEnv PATH` line in -`/etc/apache2/other/whimsy.conf`, restart the server and verify the path -again. +$ curl localhost +<html><body><h1>It works!</h1></body></html> +$ curl -s whimsy.local | grep '<title>' + <title>Apache Whimsy</title> +``` Configure sending of mail -- To stop receiving notification emails like this one, please contact ru...@apache.org.
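Review bot: In the first hunk (`@@ -121,6 +121,13 @@`), `sudo mkdir /srv` fails when `/srv` already exists, so the step cannot be re-run; the lines removed from the last hunk used `sudo mkdir -p`. Suggest `sudo mkdir -p /srv` here. That removed block also created `/srv/cache` and handed it to the current user with `chown`, and none of the added lines create it. Either keep that step next to the new symlink step or state that it is no longer needed.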
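Review bot: In the second hunk (`@@ -153,124 +160,142 @@`), the removed section "Configure Apache httpd to run under your user id" restricted access to `Require ip 127.0.0.1` and `Require ip ::1`, and nothing in the added text restricts the new instance on `:8080` in the same way. Suggest adding an equivalent step to the `whimsy.conf` edits, or stating that `config/whimsy.conf` already limits access to loopback. The appended block also carries over `LDAPVerifyServerCert Off` with no explanation; a sentence on why certificate verification is disabled for local use, or a pointer to trusting the LDAP server's CA instead, would help readers judge it. Smaller points in the same hunk: `Custlog` should read `CustomLog`; the verify line has a doubled command (`$ curl curl -s localhost:8080`); `mkdir /usr/local/opt/httpd/conf` has no `-p`; and the "Additional Notes" still call `/usr/sbin/apachectl` and `/usr/sbin/httpd`, which are Apple's copy rather than the Homebrew instance this section installs, while the High Sierra paragraph points at `/var/log/apache/error.log` even though the logs were just moved to `/usr/local/var/log/httpd/`.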
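Review bot: In the third hunk (`@@ -278,117 +303,87 @@`), both virtual hosts added for the system httpd listen on `*:80` with `Require all granted`, so the `ProxyPass http://whimsy.local:8080/` forwarder answers any client that can reach the machine, not only local ones. Since the loopback restriction was removed earlier in this patch, suggest `Require ip 127.0.0.1` and `Require ip ::1` (or `Require local`) inside the `<Location />` blocks of `localhost.conf` and `whimsy.conf`. Also in this hunk: `NameVirtualHost *:80` has no effect on the 2.4 servers shown in the test output and can be dropped; "uncomment out" should be "uncomment"; the restart line `/usr/sbin/apachectl restart` lost the `sudo` the removed text used; and the removed paragraph about comparing `PATH` via `test.cgi` and `racktest` has no replacement, so readers no longer get a check that `svn` and `pdftk` are visible to the server.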