Install OSX 10.3 standard.
From OSX server disc 2, install the OSX server package MacOSXServerInstall.mpkg.
Once OSX server is running, you may remove Server Monitor icon from the dock, since it only works with Xserves.
It is possible to use standard OSX as a server, but the software and configuration will be different (and probably more difficult and unixey) than listed here.
-Port 80 (web) – any
-any – (local subnet)
-Port 22 (ssh) – any
-Port 25 (smtp) – any
-Port 143 (imap) – any
-Port 311 Server Admin – any
(other ports as necessary)
-Selecting “allow user to administer computer” adds “wheel” to their groups.
-To configure users from a command line, you may use the nicl netinfo utility.
sudo nicl .
cd users
read username
From Server Admin:
Local host aliases – add any that this server will be serving directly.
Authentication – SMTP Login and Plain
To access the server remotely if the server is behind a strong firewall, you can set up ssh tunnels for all the server admin ports.
sudo ssh -L 548:18.104.22.168:548 -L 311:22.214.171.124:311 -L 625:126.96.36.199:625 -L 660:188.8.131.52:660 -L 687:184.108.40.206:687 firstname.lastname@example.org
Not all of these may be necessary. You may use them individually as follows:
Port 548: Apple File Service (for afp file sharing)
sudo ssh -L 548:220.127.116.11:548 email@example.com
Port 311: Server Admin SSL (for Server Admin)
(This appears to be the only port needed for Server Admin)
sudo ssh -L 311:18.104.22.168:311 firstname.lastname@example.org
Port 625: Remote Directory Access (for Workgroup Manager)
sudo ssh -L 625:22.214.171.124:625 email@example.com
Port 660: Server Admin via Server Settings
sudo ssh -L 660:126.96.36.199:660 firstname.lastname@example.org
Port 687: Server Admin via Server Admin App
sudo ssh -L 687:188.8.131.52:687 email@example.com
-Turn off “web performance cache” for ALL web pages (otherwise they all end up with “:16080”)
-(030304) I put the access_log and error_log for each webpage in its root directory.
-analog. Don’t use the precompiled version of Analog.
PHP is installed on OSXS but isn’t activated.
From Server Admin/Web/Modules, activate php4_module.
You may also wish to activate perl_module if you’ll be running perl cgis.
configure.sh You can then chmod the file as you see fit so no one else can run it… Then, when you want to reconfigure & recompile PHP, just delete config.cache & run sh configure.sh
Now back to figure out all the options I had compiled into PHP.. doh!
MySQL is installed in the server by default. You must complete the install and run it.
Run Applications/Server/MySQL Manager.
-set the root password:
/usr/local/mysql/bin/mysqladmin -u root password newpassword
mysql -u root -p
User data is stored in /private/var/mysql – each database has its own directory. You may move these directories to the user folder but you must leave a symlink so mysql can find them; and they must remain owned by mysql.
There are other useful instructions for mysql at http://www.entropy.ch/software/macosx/mysql/
To install phpmyadmin, get the latest version and edit config.inc.php.
I set phpmyadmin for http auth, which pops up a window to allow access. You may use config access instead but then when you get to the page you’re already logged in with access to the database. If you have other users on the server that you want to let in with phpmyadmin, you’ll need to set their db permissions properly.
Create the “control” user and allow them read access to the mysql tables:
GRANT USAGE ON mysql.* TO 'user'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT (
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
Execute_priv, Repl_slave_priv, Repl_client_priv
) ON mysql.user TO 'user'@'localhost';
GRANT SELECT ON mysql.db TO 'user'@'localhost';
GRANT SELECT ON mysql.host TO 'user'@'localhost';
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
ON mysql.tables_priv TO 'user'@'localhost';
Before installing Gallery for the first time on the server:
I used netpbm for image manipulation (because it was easier than ImageMagick I guess, or it was free). If needed it can be downloaded from the specified page.
Once you’ve found netpbm, installation is non-obvious. Run ./configure and hit return to all the questions.
In order to make (compile) netpbm, you must have installed the Xcode tools!
/usr/local/netpbm/ justfred$ sudo cp ppmtojpeg pnmtojpeg
Adding Gallery to a website
-Download the latest Gallery from the website.
-I keep a copy in /Volumes/data/_software
-untar gallery to your website dir
tar -xvf /Volumes/data/_software/gallery-1.4.4-pl4.tar
(version number may be different)
-If you don’t already have albums, create them:
chmod 0777 albums
albums must be in the website dir.
-Prep Gallery for config:
touch config.php .htaccess
chmod 0777 config.php .htaccess
Add Gallery to /private/etc/httpd/httpd.conf to allow Gallery to edit its own files. This is at the end of the file, not in sections by website, but the reference must be website-specific:
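#Directives added by Fred
#Allow Obtainium Gallery to edit its own files
#(website)/gallery is a placeholder; use the full path of the site's Gallery directory
<Directory "(website)/gallery">
AllowOverride Options FileInfo
</Directory>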
This will require restarting apache:
sudo apachectl restart
-Run Gallery Configuration Wizard:
Gallery Configuration Wizard Doc
Admin PW (should be set to something simple, like a single character, the first time, otherwise Gallery chokes on first login.)
Temporary Directory /tmp
Slideshow length 0
Slideshow loop NO
Maximum length of comments 1000
When done, it will prompt you to run ./secure.sh
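A check to run once ./secure.sh has finished, added here as an example and not part of the original notes: it lists anything in the site directory that is still world-writable after the chmod 0777 steps above. The function name audit_gallery_perms is made up for this example, and the demo assumes secure.sh is meant to take write access away from config.php and .htaccess.

```shell
#!/bin/sh
# Added example (not from the original notes). File names follow the Gallery
# steps above; audit_gallery_perms and its argument are assumed names.

# List everything under the site directory that "other" can still write to.
# albums/ is skipped: the steps above leave it 0777 on purpose.
# Returns 0 if nothing is flagged, 1 if something is, 2 on a bad argument.
audit_gallery_perms() {
    site_dir=${1%/}
    if [ ! -d "$site_dir" ]; then
        echo "not a directory: $site_dir" >&2
        return 2
    fi
    # -perm -0002 matches any mode with the world-write bit set;
    # symlinks are ignored because their own mode bits mean nothing.
    flagged=$(find "$site_dir" -path "$site_dir/albums" -prune -o \
                   ! -type l -perm -0002 -print)
    if [ -n "$flagged" ]; then
        echo "$flagged" | sed 's/^/WORLD-WRITABLE: /'
        return 1
    fi
    # The wizard's two files must exist, or the site was never configured.
    for f in config.php .htaccess; do
        [ -f "$site_dir/$f" ] || { echo "MISSING: $site_dir/$f"; return 1; }
    done
    return 0
}

# Constructed demo tree: the state left by "chmod 0777 config.php .htaccess".
demo_dir=$(mktemp -d)
mkdir "$demo_dir/albums"
touch "$demo_dir/config.php" "$demo_dir/.htaccess"
chmod 0777 "$demo_dir/albums" "$demo_dir/config.php" "$demo_dir/.htaccess"
echo "before:"; audit_gallery_perms "$demo_dir" || echo "(needs fixing)"
# Stand-in for what ./secure.sh is expected to do (assumption): drop write access.
chmod 0644 "$demo_dir/config.php" "$demo_dir/.htaccess"
echo "after:"; audit_gallery_perms "$demo_dir" && echo "clean"
rm -rf "$demo_dir"
```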
The FTP server should be set to allow users to see only their home directories.
Optimally, only SFTP should be allowed, so you can kill ports 21 and 22 on the firewall, but some users may not be able to do sftp.
OSX developer tools MUST be installed to add modules to perl.
To create a permanent alias ll ls -l, edit the .tcshrc file in the user’s home directory, or add it to /etc/profile
To reboot the server:
$ sudo shutdown -r now
Domain Name Registration and DNS
Domain Name Registration:
-I tend to use Godaddy for registrar.
-On registrar, point the domain name at the dns hosts.
-I tend to use zoneedit.com for dns hosting.
-On dns host (zoneedit.com, for example), point the domain name at the server’s IP address. Point the mx at mail.domainname.tld.
-Some registrars (register.com) do both registration and dns hosting, but are more expensive.
From command line:
-create a directory (website)/_statistics (it should be owned by justfred since that’s who I run analog as – not sure how webserver has permission but it may run as root?)
-cd into it.
ln -s /Volumes/data/_websites/analog/images/ images
-copy analog_obtainium.cfg to analog_(website).cfg
-Edit analog_(website).cfg HOSTNAME "obtainium/obtainium.org"
-In Server Admin/Web/Settings/Sites,
-Edit the site Logging
-Location: (website)/_settings/access_log (default is /var/log/httpd/)
-Error log location: (website)/_settings/error_log
-Change www.domainname.tld and domainname.tld
-copy an existing line and change it for website.
-test it by copying and pasting to command line.
Recent site about analog: http://www.afp548.com/articles/web/analog.html
Adding a User/Website/Database
-Create a directory for the user on /Volumes/data
-You may have to chmod 755 to allow access. Actually mainly the user “web” needs read and execute (to see directories) access.
-Create the user (Workgroup Manager)
-If you’re copying from another server, match the user id.
-Add all possible/unique aliases for that user.
-aliases are server-specific not domain-specific so sales@ would be at all hosted domains.
-Leave “allow log in” to allow FTP if necessary.
-Home: /Volumes/data (in most cases).
-DO NOT “create home now” – that creates OSX folders.
-Set a Disk Quota, if you want.
-Mail: create mail account if necessary.
-Change owner for the directory to the user.
-Create a subdirectory for each website
-Create the database
% mysql -u root -p
mysql> create database dbname;
-change the db owner to username
mysql> grant all privileges on dbname.* to 'username' identified by 'userpass';
mysql> flush privileges;
-move the db to the user’s directory
% mv /var/mysql/dbname /Volumes/data/username/dbname
% ln -s /Volumes/data/username/dbname /var/mysql/dbname
-Create the website (Server Admin)
-General: domain name
-General: web folder /Volumes/data/username/www.website.com (or user subdir)
-Default: check with the user that they have index.html or index.php. Sometimes they might have index.htm. Anything .asp will of course not work.
-Duplicate www.website.com to website.com (don’t know a better way to do this).
-User may now log in with FTP.
-User may now log in with SSH.
-User may now point DNS at server.
-You can test website before the DNS switches, by setting it in hosts on your local machine
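The "move the db to the user's directory" step above, wrapped in the checks it depends on (the symlink must resolve and the directory must keep its owner). This is an added example, not part of the original notes; relocate_db_dir and its arguments are assumed names, and it assumes it is run as root with mysqld stopped.

```shell
#!/bin/sh
# Added example (not from the original notes). relocate_db_dir and its three
# arguments are assumed names; run it as root with mysqld stopped.

# Move one database directory out of the MySQL data directory and leave a
# symlink behind, reporting failure when the result is not what the steps
# above describe.
relocate_db_dir() {
    datadir=${1%/}; db=$2; dest=${3%/}
    src=$datadir/$db
    if [ -L "$src" ] || [ ! -d "$src" ]; then
        echo "not a real database directory: $src" >&2; return 1
    fi
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "destination already exists: $dest" >&2; return 1
    fi
    # Numeric uid:gid of the directory before anything is touched.
    owner_before=$(ls -ldn "$src" | awk '{print $3 ":" $4}')
    mv "$src" "$dest" || return 1
    ln -s "$dest" "$src" || return 1
    # mv between volumes is a copy; a copy made without root loses the
    # mysql owner, which the notes say the directory must keep.
    owner_after=$(ls -ldn "$dest" | awk '{print $3 ":" $4}')
    if [ "$owner_before" != "$owner_after" ]; then
        echo "owner changed from $owner_before to $owner_after" >&2; return 1
    fi
    # The server follows the link, so it has to resolve to a directory
    # (a relative destination path fails here).
    [ -d "$src/" ] || { echo "symlink does not resolve: $src" >&2; return 1; }
}

# Constructed demo in a scratch directory standing in for /var/mysql.
scratch=$(mktemp -d)
mkdir -p "$scratch/var/mysql/dbname" "$scratch/data/username"
touch "$scratch/var/mysql/dbname/table.MYD"
relocate_db_dir "$scratch/var/mysql" dbname "$scratch/data/username/dbname" \
    && ls -l "$scratch/var/mysql"
rm -rf "$scratch"
```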
Changing IP address of the server
For each domain name:
-go to DNS host (some may be through registrar)
-Change IP address
-Apply or activate. Should take up to 15 minutes to propagate; longer with some “sticky” DNSs.
From System Preferences/Network:
-Change IP address as usual.
Configuring CVS on the server
I chose to create a separate CVS repository for each user. Obtainium is at
I created the repository with:
cvs -d /Volumes/data/obtainium/cvsroot init