OSX Server Notes

Install
Networking
Firewall
Users
Mail Service
ssh
Files
www
php
gallery
mysql
ftp
perl
etc
domain
cvs


Install OSX

(10.3)
Install OSX 10.3 standard.
From OSX server disc 2, install the OSX server package MacOSXServerInstall.mpkg.
Once OSX server is running, you may remove Server Monitor icon from the dock, since it only works with Xserves.

It is possible to use standard OSX as a server, but the software and configuration will be different (and probably more difficult and unixey) than listed here.


Firewall

-Port 80 (web) – any
-any – (local subnet)
-Port 22 (ssh) – any
-Port 25 (smtp) – any
-Port 143 (imap) – any
-Port 311 Server Admin – any
-Port 660
-Port 687
(other ports as necessary)


Configure users

-Selecting “allow user to administer computer” adds “wheel” to their groups.

-To configure users from a command line, you may use the nicl netinfo utility:
sudo nicl .
cd users
read username


Mail Service

From Server Admin:
Mail
Settings
Local host aliases – add any that this server will be serving directly.
Authentication – SMTP Login and Plain


ssh

To access the server remotely if the server is behind a strong firewall, you can set up ssh tunnels for all the server admin ports.
sudo ssh -L 548:209.242.167.76:548 -L 311:209.242.167.76:311 -L 625:209.242.167.76:625 -L 660:209.242.167.76:660 -L 687:209.242.167.76:687 root@obtainium.org

Not all of these may be necessary. You may use them individually as follows:
Port 548: Apple File Service (for afp file sharing)
sudo ssh -L 548:209.242.167.76:548 root@obtainium.org
Port 311: Server Admin SSL (for Server Admin)
(This appears to be the only port needed for Server Admin)
sudo ssh -L 311:209.242.167.76:311 root@obtainium.org
Port 625: Remote Directory Access (for Workgroup Manager)
sudo ssh -L 625:209.242.167.76:625 root@obtainium.org
Port 660: Server Admin via Server Settings
sudo ssh -L 660:209.242.167.76:660 root@obtainium.org
Port 687: Server Admin via Server Admin App
sudo ssh -L 687:209.242.167.76:687 root@obtainium.org


www

-Turn off “web performance cache” for ALL web pages (otherwise they all end up with “:16080”)
-(030304) I put the access_log and error_log for each webpage in its root directory.
-analog: don’t use the precompiled version of Analog.


php

PHP is installed on OSXS but isn’t activated.
From Server Admin/Web/Modules, activate php4_module.
You may also wish to activate perl_module if you’ll be running perl cgis.

configure.sh
You can then chmod the file as you see fit so no one else can run it… Then, when you want to reconfigure and recompile PHP, just delete config.cache and run sh configure.sh. Now back to figuring out all the options I had compiled into PHP.. doh!


mysql

MySQL is installed in the server by default. You must complete the install and run it.

Run Applications/Server/MySQL Manager.
-unlock
-install
-start
-set the root password:
/usr/local/mysql/bin/mysqladmin -u root password newpassword
mysql -u root -p

User data is stored in /private/var/mysql – each database has its own directory. You may move these directories to the user folder but you must leave a symlink so mysql can find them; and they must remain owned by mysql.
There are other useful instructions for mysql at http://www.entropy.ch/software/macosx/mysql/


To install phpmyadmin, get the latest version and edit config.inc.php.

I set phpmyadmin for http auth, which pops up a window to allow access. You may use config access instead but then when you get to the page you’re already logged in with access to the database. If you have other users on the server that you want to let in with phpmyadmin, you’ll need to set their db permissions properly.

Create the “control” user and allow them read access to the mysql tables:


GRANT USAGE ON mysql.* TO 'user'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT (
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
Execute_priv, Repl_slave_priv, Repl_client_priv
) ON mysql.user TO 'user'@'localhost';
GRANT SELECT ON mysql.db TO 'user'@'localhost';
GRANT SELECT ON mysql.host TO 'user'@'localhost';
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
ON mysql.tables_priv TO 'user'@'localhost';

gallery

Before installing Gallery for the first time on the server:

I used netpbm for image manipulation (because it was easier than ImageMagick I guess, or it was free). If needed it can be downloaded from the specified page.
Once you’ve found netpbm, installation is non-obvious. Run ./configure and hit return to all the questions.
In order to make (compile) netpbm, you must have installed the Xcode tools!

cd /usr/local/netpbm/
sudo cp ppmtojpeg pnmtojpeg

Adding Gallery to a website

-Download the latest Gallery from the website.
-I keep a copy in /Volumes/data/_software
-untar gallery to your website dir
tar -xvf /Volumes/data/_software/gallery-1.4.4-pl4.tar
(version number may be different)
-If you don’t already have albums, create them:
mkdir albums
chmod 0777 albums
albums must be in the website dir.
-Prep Gallery for config:
cd gallery
touch config.php .htaccess
chmod 0777 config.php .htaccess
Add a Directory block for Gallery to /private/etc/httpd/httpd.conf to allow Gallery to edit its own files. This goes at the end of the file, not in the per-website sections, but the Directory path must be website-specific ((website) stands for the site’s web folder):
#Directives added by Fred
#041110 FH
#Allow Obtainium Gallery to edit its own files
<Directory "(website)/gallery">
AllowOverride Options FileInfo
</Directory>

This will require restarting apache:
sudo apachectl restart
-Run Gallery Configuration Wizard:
http://website/gallery/setup/index.php
Gallery Configuration Wizard Doc
Gallery Title
Admin PW (should be set to something simple, like a single character, the first time, otherwise Gallery chokes on first login.)
Temporary Directory /tmp
Email
Slideshow (ordered)
Slideshow length 0
Slideshow loop NO
Maximum length of comments 1000
When done, it will prompt you to run ./secure.sh


ftp

The FTP server should be set to allow users to see only their home directories.
-Server Admin
-FTP
-Settings

Optimally, only SFTP should be allowed, so you can kill ports 21 and 22 on the firewall, but some users may not be able to do sftp.


perl

OSX developer tools MUST be installed to add modules to perl.


etc

To create a permanent alias (for example, ll for ls -l), edit the .tcshrc file in the user’s home directory, or add it to /etc/profile.

To reboot the server:
$ sudo shutdown -r now


Domain Name Registration and DNS

Domain Name Registration:
-I tend to use Godaddy for registrar.
-On registrar, point the domain name at the dns hosts.

DNS:
-I tend to use zoneedit.com for dns hosting.
-On dns host (zoneedit.com, for example), point the domain name at the server’s IP address. Point the mx at mail.domainname.tld.
-Some registrars (register.com) do both registration and dns hosting, but are more expensive.


Analog

From command line:
-create a directory (website)/_statistics (it should be owned by justfred since that’s who I run analog as – not sure how webserver has permission but it may run as root?)
-cd into it and link the analog images directory:
ln -s /Volumes/data/_websites/analog/images/ images

In /Volumes/data/_websites/analog,
-copy analog_obtainium.cfg to analog_(website).cfg
-Edit analog_(website).cfg:
HOSTNAME “obtainium/obtainium.org”
HOSTURL http://www.obtainium.org/
LOGFILE /Volumes/data/obtainium/www.obtainium.org/_statistics/access_log
OUTFILE /Volumes/data/obtainium/www.obtainium.org/_statistics/analog_report.html

-In Server Admin/Web/Settings/Sites, edit the site:
-Logging – Location: (website)/_settings/access_log (default is /var/log/httpd/)
-Format: combined
-Error log location: (website)/_settings/error_log
-Change www.domainname.tld and domainname.tld

-in analog.sh:
-copy an existing line and change it for website.
-test it by copying and pasting to command line.
Recent site about analog: http://www.afp548.com/articles/web/analog.html
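The copy-and-edit step above as an added shell example (not part of the original notes): it builds analog_(website).cfg from the analog_obtainium.cfg template, replacing only the four site-specific directives. The template path, output directory and site root are parameters; it assumes the site’s logs live under (site-root)/_statistics as in the LOGFILE and OUTFILE lines above.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes the site's logs are in
# <site-root>/_statistics, matching the LOGFILE/OUTFILE lines in the notes.
# usage: make_analog_cfg <template> <outdir> <short-name> <domain> <site-root>
make_analog_cfg() {
    template=$1; outdir=$2; short=$3; domain=$4; root=$5
    out="$outdir/analog_$short.cfg"
    [ -f "$template" ] || { echo "make_analog_cfg: no template $template" >&2; return 1; }
    # Keep every template line except old HOSTNAME/HOSTURL/LOGFILE/OUTFILE
    # definitions, then append the ones for this site.
    grep -v -E '^(HOSTNAME|HOSTURL|LOGFILE|OUTFILE)[[:space:]]' "$template" > "$out" || true
    cat >> "$out" <<EOF
HOSTNAME "$short/$domain"
HOSTURL http://$domain/
LOGFILE $root/_statistics/access_log
OUTFILE $root/_statistics/analog_report.html
EOF
    # Analog must be able to read the access log; warn now, not at report time.
    [ -r "$root/_statistics/access_log" ] || echo "warning: $root/_statistics/access_log not readable" >&2
    echo "$out"
}

# Read back the value of one directive from a generated config (last one wins).
analog_cfg_value() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}
```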


Adding a User/Website/Database

-Create a directory for the user on /Volumes/data
-You may have to chmod 755 to allow access. Actually mainly the user “web” needs read and execute (to see directories) access.
-Create the user (Workgroup Manager)
-If you’re copying from another server, match the user id.
-Add all possible/unique aliases for that user.
-aliases are server-specific not domain-specific so sales@ would be at all hosted domains.
-Leave “allow log in” to allow FTP if necessary.
-Home: /Volumes/data (in most cases).
-DO NOT “create home now” – that creates OSX folders.
-Set a Disk Quota, if you want.
-Mail: create mail account if necessary.
-save
-Change owner for the directory to the user.
-Create a subdirectory for each website

-Create the database:
% mysql -u root -p
mysql> create database dbname;
-Grant the user all privileges on it (note the dbname.* – privileges are granted per database; a bare 'username' with no host part matches connections from any host):
mysql> grant all privileges on dbname.* to 'username' identified by 'userpass';
mysql> flush privileges;
-Move the db to the user’s directory, leaving a symlink in /var/mysql:
% mv /var/mysql/dbname /Volumes/data/username/dbname
% ln -s /Volumes/data/username/dbname /var/mysql/dbname
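The database step above, together with the note in the mysql section about moving database directories and leaving a symlink, as an added shell example that is not part of the original notes. The SQL is emitted rather than run so it can be reviewed first; the data directory and user folder are parameters (on this server they would be /var/mysql and /Volumes/data/username).

```shell
#!/bin/sh
# Added example, not from the original notes. Paths are parameters so it can
# be tried on scratch directories before touching /var/mysql.

# Emit the SQL for a database owned by one user. The account is pinned to
# localhost: a bare 'username' in GRANT means 'username'@'%', so the password
# would be accepted from any host that can reach mysqld.
site_db_sql() {
    dbname=$1; username=$2; userpass=$3
    case "$dbname$username" in
        *[!A-Za-z0-9_]*) echo "site_db_sql: bad name" >&2; return 1 ;;
    esac
    case "$userpass" in
        *\'*|*\\*) echo "site_db_sql: quote or backslash in password" >&2; return 1 ;;
    esac
    printf "CREATE DATABASE %s;\n" "$dbname"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$dbname" "$username" "$userpass"
    printf "FLUSH PRIVILEGES;\n"
}

# Move the database directory into the user's folder and leave a symlink so
# mysqld still finds it. Refuses to act if the source is already a link or the
# destination exists, so re-running cannot nest or clobber directories.
relocate_db() {
    datadir=$1; dbname=$2; userdir=$3
    src="$datadir/$dbname"; dst="$userdir/$dbname"
    if [ -L "$src" ] || [ ! -d "$src" ]; then
        echo "relocate_db: $src is not a plain directory" >&2; return 1
    fi
    if [ -e "$dst" ]; then
        echo "relocate_db: $dst already exists" >&2; return 1
    fi
    mv "$src" "$dst" && ln -s "$dst" "$src" || return 1
    # Ownership survives the mv (it must stay mysql's, as the notes say); make
    # sure nobody else with access to the user's folder can read the tables.
    chmod 700 "$dst"
}

# Verify the layout: the datadir entry is a symlink to a real directory that
# only its owner can read. Returns 0 when everything is in order.
check_db_link() {
    p="$1/$2"
    [ -L "$p" ] || return 1
    target=$(readlink "$p") && [ -d "$target" ] || return 1
    [ "$(ls -ld "$target" | cut -c2-10)" = "rwx------" ]
}
```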

-Create the website (Server Admin)
-General: domain name
-General: web folder /Volumes/data/username/www.website.com (or user subdir)
-Default: check with the user that they have index.html or index.php. Sometimes they might have index.htm. Anything .asp will of course not work.
-Logging: /Volumes/data/username/www.website.com/_statistics
-Duplicate www.website.com to website.com (don’t know a better way to do this).

-User may now log in with FTP.
-User may now log in with SSH.
-User may now point DNS at server.
-You can test website before the DNS switches, by setting it in hosts on your local machine

Changing IP address of the server

For each domain name:
-go to DNS host (some may be through registrar)
-Change IP address
-Apply or activate. Should take up to 15 minutes to propagate; longer with some “sticky” DNSs.

From System Preferences/Network:
-Change IP address as usual.


cvs

Configuring CVS on the server

I chose to create a separate CVS repository for each user. Obtainium is at
/Volumes/data/obtainium/cvsroot

I created the repository with:
cvs -d /Volumes/data/obtainium/cvsroot init
