whimsical-commits mailing list archives

From ru...@apache.org
Subject [whimsy] branch master updated: rough in instructions for a separate httpd instance
Date Fri, 09 Feb 2018 16:25:09 GMT
This is an automated email from the ASF dual-hosted git repository.

rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 79cc968  rough in instructions for a separate httpd instance
79cc968 is described below

commit 79cc9681b52109ff9c7c88d5bf69601ba4c7e2d5
Author: Sam Ruby <rubys@intertwingly.net>
AuthorDate: Fri Feb 9 11:24:48 2018 -0500

    rough in instructions for a separate httpd instance
---
 MACOSX.md | 297 ++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 146 insertions(+), 151 deletions(-)

diff --git a/MACOSX.md b/MACOSX.md
index b4bb0d0..0daaac8 100644
--- a/MACOSX.md
+++ b/MACOSX.md
@@ -121,6 +121,13 @@ git remote add github git@github.com:apache/whimsy.git
 git remote add asf https://gitbox.apache.org/repos/asf/whimsy.git
 ```
 
+Establish a link to this repository in a known location:
+
+```
+cd whimsy
+sudo mkdir /srv
+sudo ln -s `pwd` /srv/whimsy
+```
 
 Configure LDAP
 --------------
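
Review bot: `sudo mkdir /srv` in the added block fails when `/srv` already exists, and the unquoted backticks in the `ln -s` line break on a checkout path that contains spaces. Suggest `sudo mkdir -p /srv` and `sudo ln -s "$(pwd)" /srv/whimsy`. A later hunk in this commit removes the `sudo mkdir -p /srv/cache` and `chown` steps, and nothing added here recreates `/srv/cache`; if the tools still need that directory, this is the natural place to create it. It would also help to say that `/srv/whimsy` is a root-created link into a user-writable working tree, since everything httpd later serves or executes from it can be edited by that user.
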
@@ -153,124 +160,142 @@ Notes:
  * The `ldapsearch` command is the standard LDAP utility on MacOSX.
 
 
-Start Apache httpd
+Install Apache httpd
 ------------------
 
-Running Whimsy tools locally depends on httpd.  Install:
+Running Whimsy tools locally depends on httpd.  Apple provides a copy of httpd that has [known
problems](https://github.com/phusion/passenger/issues/1986), so installing a separate copy
of httpd is recommended.  An optional later step in this process will forward traffic based
on the hostname.
+
+Install with LDAP support:
 
 ```
-sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
+brew install apache-httpd
+brew install openldap --with-sssvlv
+brew reinstall -s apr-util --with-openldap
+brew reinstall -s apache-httpd
 ```
 
-Verify:
+Install passenger
+-------------------
 
 ```
-$ curl localhost
-<html><body><h1>It works!</h1></body></html>
+brew install passenger
+mkdir /usr/local/opt/httpd/conf
 ```
 
-Notes:
+create `/usr/local/opt/httpd/conf/passenger.conf` from the output from `brew info passenger`
(note new location of passenger.conf file: was `/etc/apache2/other`).
 
- * `sudo lsof -i:80` may be helpful should you find that another process
-   already has port 80 open.
- * `sudo apachectl restart` is how you restart apache; launchctl itself is for
-   controlling what processes automatically start at startup.
- * If `curl` gives `Connection refused` then try kicking httpd:
-    * `sudo /usr/sbin/apachectl stop`
-    * `sudo /usr/sbin/httpd`
-      * If it works, then press CTRL-C and `sudo /usr/sbin/apachectl start`
-      * If it gave you `AH00526: Syntax error on line 20 of /private/etc/apache2/extra/httpd-mpm.conf`
-        then you may need to [delete the LockFile section](https://apple.stackexchange.com/questions/211015/el-capitan-apache-error-message-ah00526).
+ * Change `/usr/bin/ruby` to where you have Ruby installed.  If you followed the instructions
above, this will be `/usr/local/bin/ruby`.  If you use rbenv or another tool to manage your
Ruby installs, use that location instead.
+ * Optional: add `PassengerUser _www` and `PassengerGroup _www` lines if you would like your
passenger applications to run under the web user.
 
-Configure Apache httpd to run under your user id
-------------------------------------------------
+Configure `whimsy.local`
+-------------------
 
-First, lock down Apache so that it can only be accessed from your localhost
-(using either IPv4 or IPv6).  As you will be configuring Apache httpd to be
-running with your ID, this will prevent external hackers from exploiting that
-code to update your filesystem and do other nasty things.
+`cp /srv/whimsy/config/whimsy.conf /usr/local/opt/httpd/conf/`
 
-Edit `/etc/apache2/httpd.conf` using sudo and your favorite text editor.
-Locate the first line that says `Require all granted`.  This should be around
-line 263 at the end of the section `Directory "/Library/WebServer/Documents"` or similar
-Replace that line with the following four lines:
+edit `/usr/local/opt/httpd/conf/whimsy.conf`:
 
-```
-<RequireAny>
-  Require ip 127.0.0.1
-  Require ip ::1
-</RequireAny>
-```
+   * change `:80` to `:8080`
+   * change `ErrorLog` and `Custlog` to `/usr/local/var/log/httpd/whimsy_error.log` and `/usr/local/var/log/httpd/whimsy_access.log`
respectively.
 
-Find the next occurence of `Require all granted`.  It should now be around
-line 386 in the section `Directory "/Library/WebServer/CGI-Executables` or similar
-Replace it with `Require all denied`.
+Complete Apache configuration
+------------------
 
-Now go back to the top of the file and search for `User`.  Replace the first
-`_www` with your local user id.  This may be different than your ASF availid --
-that's OK.  Your local user id is the response to `whoami`.
-Replace the second `_www` with `staff` (that's the group name).
+edit `/usr/local/etc/httpd/httpd.conf`:
 
-Save your changes.
+* Uncomment each of the following lines:
+    <pre>
+    `LoadModule proxy_module lib/httpd/modules/mod_proxy.so
+    LoadModule proxy_wstunnel_module lib/httpd/modules/mod_proxy_wstunnel.so
+    LoadModule speling_module lib/httpd/modules/mod_speling.so
+    LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
+    LoadModule expires_module lib/httpd/modules/mod_expires.so
+    LoadModule cgi_module lib/httpd/modules/mod_cgi.so`
+    </pre>
+
+* Append the following:
+   <pre>
+    `LoadModule ldap_module lib/httpd/modules/mod_ldap.so
+    LoadModule authnz_ldap_module lib/httpd/modules/mod_authnz_ldap.so
+    LDAPVerifyServerCert Off
+    Include conf/passenger.conf
+    Include conf/whimsy.conf`
+  </pre>
 
-Restart Apache httpd using `sudo apachectl restart`.
 
-Verify that you can continue to access the server by re-issuing the following
-command:
+Launch the server using:
 
 ```
-$ curl localhost
-<html><body><h1>It works!</h1></body></html>
+brew services start httpd
 ```
 
-Make whimsy.local an alias for your machine
--------------------------------------------
-
-Edit `/etc/hosts` using sudo and your favorite text editor.
-
-Find either line that contains the word `localhost` and add `whimsy.local` to
-it.  For example, if you chose what is likely to be the final line in the file
-and update it, it would look like this:
+Verify:
 
 ```
-::1             localhost whimsy.local
+$ curl curl -s localhost:8080 | grep '<title>'
+    <title>Apache Whimsy</title>
 ```
 
-Save your changes.
+This may fail on High Sierra with a [We cannot safely call it or ignore it in
+the fork() child process. Crashing
+instead.](https://blog.phusion.nl/2017/10/13/why-ruby-app-servers-break-on-macos-high-sierra-and-what-can-be-done-about-it/)
message in your `/var/log/apache/error.log` file.  If so, do the following:
 
-Verify that you can access the server using this new alias:
+Edit `/usr/local/opt/httpd/homebrew.mxcl.httpd.plist` and add the following:
 
 ```
-$ curl whimsy.local
-<html><body><h1>It works!</h1></body></html>
+<key>EnvironmentVariables</key>
+<dict>
+  <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key>
+  <string>YES</string>
+  <key>XPC_SERVICES_UNAVAILABLE</key>
+  <string>1</string>
+</dict>
 ```
 
-Install passenger
-------------------------------------------------
+edit `/usr/local/opt/httpd/bin/envvars`, add:
 
-Follow the [Installing Passenger + Apache on Mac OS X](https://www.phusionpassenger.com/library/install/apache/install/oss/osx/)
instructions, which are summaried below:.
+```
+OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+```
 
-Install:
+Restart Apache httpd using:
 
 ```
-$ brew install passenger
-$ brew info passenger
+apachectl restart
 ```
 
-For the second step (`brew info passenger`), you will need to
-follow the instructions -- which essentially is to copy a few lines to
-to a specified location.  If your ruby is installed in `/usr/local/bin`, change the last
line to
+Additional Notes:
+
+ * `sudo lsof -i:8080` may be helpful should you find that another process
+   already has port 8080 open.
+ * `apachectl restart` is how you restart apache; `brew services start` itself is for
+   controlling what processes automatically start at startup.
+ * If `curl` gives `Connection refused` then try kicking httpd:
+    * `/usr/sbin/apachectl stop`
+    * `/usr/sbin/httpd`
+      * If it works, then press CTRL-C and `/usr/sbin/apachectl start`
+      * If it gave you `AH00526: Syntax error on line 20 of /usr/local/etc/httpd/extra/httpd-mpm.conf`
+        then you may need to [delete the LockFile section](https://apple.stackexchange.com/questions/211015/el-capitan-apache-error-message-ah00526).
+
+Make whimsy.local an alias for your machine
+-------------------------------------------
+
+Edit `/etc/hosts` using sudo and your favorite text editor.
+
+Find either line that contains the word `localhost` and add `whimsy.local` to
+it.  For example, if you chose what is likely to be the final line in the file
+and update it, it would look like this:
 
 ```
-PassengerDefaultRuby /usr/local/bin/ruby
+::1             localhost whimsy.local
 ```
 
-Likewise, if you used `rbenv` to manage your ruby install, point to that location instead.
+Save your changes.
 
-Restart the server:
+Verify that you can access the server using this new alias:
 
 ```
-sudo apachectl restart
+$ curl -s whimsy.local:8080 | grep '<title>'
+    <title>Apache Whimsy</title>
 ```
 
 Verify:
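
Review bot: The removed section that restricted the server to `Require ip 127.0.0.1` and `Require ip ::1` has no counterpart in the new instructions for the instance on `:8080`, so unless `config/whimsy.conf` already limits access, the development server answers any host that can reach the port. Suggest keeping the `<RequireAny>` loopback block in the new text, or telling the reader to bind the listener to loopback. The appended `LDAPVerifyServerCert Off` also deserves a sentence: it turns off certificate verification for the LDAP connection that `mod_authnz_ldap` uses, so say why it is needed here or point to trusting the CA instead. Smaller points in the same hunk: `$ curl curl -s localhost:8080` has a doubled `curl`, `Custlog` should read `CustomLog`, the package is installed as `apache-httpd` but started as `httpd`, and the Additional Notes still call `/usr/sbin/apachectl` and `/usr/sbin/httpd` while the rest of the section configures the copy under `/usr/local`.
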
@@ -278,117 +303,87 @@ Verify:
 Check that the server information includes 'Phusion_Passenger':
 
 ```
-$ curl --head whimsy.local
+$ curl --head whimsy.local:8080
 HTTP/1.1 200 OK
-Date: Fri, 19 Aug 2016 12:23:23 GMT
-Server: Apache/2.4.18 (Unix) Phusion_Passenger/5.0.30
-Content-Location: index.html.en
-Vary: negotiate
-TCN: choice
-Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
-ETag: "2d-432a5e4a73a80"
+Date: Thu, 08 Feb 2018 16:33:56 GMT
+Server: Apache/2.4.29 (Unix) Phusion_Passenger/5.2.0
+Last-Modified: Thu, 08 Feb 2018 16:30:06 GMT
+ETag: "25a1-564b5ecaa5f80"
 Accept-Ranges: bytes
-Content-Length: 45
+Content-Length: 9633
 Content-Type: text/html
 ```
 
-This may fail on High Sierra with a [We cannot safely call it or ignore it in
-the fork() child process. Crashing
-instead.](https://blog.phusion.nl/2017/10/13/why-ruby-app-servers-break-on-macos-high-sierra-and-what-can-be-done-about-it/)
message in your `/var/log/apache/error.log` file.  If so, do the following:
-
-```
-cp /System/Library/LaunchDaemons/org.apache.httpd.plist /Library/LaunchDaemons/
-```
+Optional: forward `whimsy.local` traffic to port 8080
+-------------------------
 
-Edit ` /Library/LaunchDaemons/org.apache.httpd.plist` and add the following to
-`EnvironmentVariables/Dict`:
+Edit `/etc/apache2/httpd.conf` and uncomment out the following lines:
 
 ```
-    <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key>
-    <string>YES</string>
+LoadModule proxy_module libexec/apache2/mod_proxy.so
+LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
 ```
 
-Finally:
+Create `/private/etc/apache2/other/localhost.conf` with the following contents:
 
 ```
-sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist
-sudo launchctl load -w /Library/LaunchDaemons/org.apache.httpd.plist
-```
-
-N.B. Because of System Integrity Protection (SIP), it's not possible to edit files under
/System.
-So the change is made to a copy. 
-However the original location is baked into apachectl which is also protected by SIP.
-This means apachectl ignores the change.
-A work-round for this is to create an updated copy of apachectl somewhere further up the
path.
- 
-Configure whimsy.local vhost
-----------------------------
-
-Once again, Edit `/etc/apache2/httpd.conf` using sudo and your favorite text editor.
-
-Uncomment out the following lines:
+NameVirtualHost *:80
 
+<VirtualHost *:80>
+  ServerName localhost
+  DocumentRoot /usr/local/var/www
+  <Location />
+    Require all granted
+  </Location>
+</VirtualHost>
 ```
-LoadModule proxy_module libexec/apache2/mod_proxy.so
-
-LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so
-
-LoadModule speling_module libexec/apache2/mod_speling.so
 
-LoadModule rewrite_module libexec/apache2/mod_rewrite.so
+Create `/private/etc/apache2/other/whimsy.conf` with the following contents:
 
-LoadModule authnz_ldap_module libexec/apache2/mod_authnz_ldap.so
+```
+<VirtualHost *:80>
+    ServerName whimsy.local
 
-LoadModule ldap_module libexec/apache2/mod_ldap.so
+    ProxyRequests off
+    ProxyPreserveHost On
 
-LoadModule expires_module libexec/apache2/mod_expires.so
+    LogLevel warn
+    ErrorLog /var/log/apache2/whimsy_error.log
+    CustomLog /var/log/apache2/whimsy_access.log combined
 
-LoadModule cgi_module libexec/apache2/mod_cgi.so
+    <Location />
+        ProxyPass http://whimsy.local:8080/
+        ProxyPassReverse http://whimsy.local:8080/
+        Require all granted
+    </Location>
+</VirtualHost>
 ```
 
-Add the following line:
+If you don't have the system httpd already running, start it with:
 
 ```
-LDAPVerifyServerCert Off
+sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
 ```
 
-Copy whimsy vhost definition to your apache2 configuration (from the root of your whimsy
git clone):
+If the system httpd is already running, restart it:
 
 ```
-sudo cp config/whimsy.conf /private/etc/apache2/other
+/usr/sbin/apachectl restart
 ```
 
-Also from the root of your whimsy git checkout, make a `/srv/cache` directory
-owned by you, and establish a symbolic link to your whimsy git clone directory:
+Test:
 
 ```
-sudo mkdir -p /srv/cache
-sudo chown `id -un`:`id -gn` /srv/cache
-sudo ln -s `pwd` /srv/whimsy
-```
-
-Restart Apache httpd using `sudo apachectl restart`.
+$ curl -s --head localhost | grep Server
+Server: Apache/2.4.28 (Unix)
+$ curl -s --head whimsy.local | grep Server
+Server: Apache/2.4.29 (Unix) Phusion_Passenger/5.2.0
 
-Verify:
-
-+ **Static content**: Visit [http://whimsy.local/](http://whimsy.local).  You
-  should see the [whimsy home page](https://whimsy.apache.org/).
-+ **CGI scripts**: Visit
-  [http://whimsy.local/test.cgi](http://whimsy.local/test.cgi).  You should see
-  a list of environment variables.  Compare with [test.cgi on
-  whimsy](https://whimsy.apache.org/test.cgi).
-+ **Passenger/Rack applications**: Visit
-  [http://whimsy.local/racktest](http://whimsy.local/racktest).  You should see
-  a list of environment variables.  Compare with [racktest on
-  whimsy](https://whimsy.apache.org/racktest).
-
-Compare the `PATH` values with your local (command line) environment.
-Various whimsy tools will make use of a number of commands (`svn`, `pdftk`)
-and it is important that these tools (and the correct version of each) can
-be found on the `PATH` defined to the Apache httpd web server.  If you find
-you need to adjust this, edit the `SetEnv PATH` line in
-`/etc/apache2/other/whimsy.conf`, restart the server and verify the path
-again.
+$ curl localhost
+<html><body><h1>It works!</h1></body></html>
+$ curl -s whimsy.local | grep '<title>'
+    <title>Apache Whimsy</title>
+```
 
 
 Configure sending of mail
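
Review bot: Both new `<VirtualHost *:80>` blocks end in `Require all granted` on `<Location />`, so the forwarder on port 80, and through `ProxyPass http://whimsy.local:8080/` the whimsy instance behind it, accepts requests from any client that can reach the machine; the earlier instructions limited access to loopback. Suggest `Require ip 127.0.0.1` and `Require ip ::1` in both blocks. `NameVirtualHost *:80` can be dropped, since the `Server:` lines in the Test block show Apache 2.4, where that directive has no effect. `/usr/sbin/apachectl restart` is given without `sudo` although the `launchctl load` line just above it uses `sudo`. The removed Verify list (static content, `test.cgi`, `racktest`, and the `PATH` comparison) has no replacement, and the `PATH` check in particular still looks relevant to the new instance.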

-- 
To stop receiving notification emails like this one, please contact
rubys@apache.org.
