English for IT Professionals
Hello, my name is Andrew and I live in Australia.
Our topic for today, Thursday the seventeenth of January, 2019.
Installing Mojave on a Hackintosh and configuring SSL.
My existing webserver is a Hackintosh build running El Capitan 10.11.6 with Server.app 5.2. There are presently three websites and one FTP. The websites are all HTTPS, using Let's Encrypt certificates. The server is working fine and has been for many years; however, I decided to upgrade to Mojave in the hope that it will provide improved security now and in the future. For example, the version of PHP in El Capitan (5.5x) is very old and a security risk.
For Mojave I constructed another Hackintosh using similar hardware and installed Mojave 10.14.2 by following the excellent guide at: https://www.tonymacx86.com. The Mojave version of Server.app no longer supports websites, so I had to completely remove all trace of Server.app and set up an Apache web server from scratch.
To set up an Apache server I followed the basics of Andy Miller's three excellent guides: https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions
Although the guides are for installing a development server running on localhost, I actually needed a backup webserver, fully upgraded to eventually take the place of an existing webserver.
This was further complicated as I needed to configure and test the replacement server online and in parallel with the existing server, using the same router and external static IP. The existing server runs on port 443 using Server.app and Let's Encrypt. The new Mojave server will (temporarily) need to run on port 444 using Apache and Let's Encrypt. As Let's Encrypt will only validate over port 80, I will have to briefly shut down my existing server and reconfigure the replacement Mojave server to run on port 80 during the validation process and certificate generation.
1. Using a test domain andrew113.com, I set up DNS using DNSEver.com so that andrew113.com resolves to my router's external static IP address.
2. Apache has a main configuration file at: /usr/local/etc/httpd/httpd.conf
My test website is at: /users/username/sites/andrew113.com
3. There are two other configuration files that need to be called from httpd.conf: Virtual Hosts and SSL. You end up with three large files that you have to shuffle between using Terminal, and each file is full of clutter and code that you may never use. I found it to be an extremely laborious process, so I decided to minimise and combine all three files into one easy-to-read file. My consolidated httpd.conf is now less than 130 lines of code, most of which are the LoadModule choices.
4. The key elements of my simplified httpd.conf are:
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
<Directory /users/username/Sites/andrew113>
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>
#
<VirtualHost _default_:444>
    DocumentRoot "/users/username/sites/andrew113"
    ServerName Mojave
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/letsencrypt/archive/andrew113.com/fullchain9.pem
    SSLCertificateKeyFile /etc/letsencrypt/archive/andrew113.com/privkey9.pem
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    #
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
You can find the test Mojave server at: https://andrew113.com:444
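An added example, not part of the original post: a Python audit of the TLS directives in the httpd.conf above. It reports the legacy protocol versions that `SSLProtocol all -SSLv2` leaves enabled, the weak cipher classes the `SSLCipherSuite` string still permits, and certificate paths pinned to a numbered file under Let's Encrypt's archive/ directory. The function names and the simplified model of OpenSSL cipher strings are assumptions of this example, and the sample text is constructed from the post's directives.

```python
import re
# Constructed sample: the TLS directives from the post's consolidated httpd.conf.
SAMPLE_CONF = """\
<VirtualHost _default_:444>
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/archive/andrew113.com/fullchain9.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/andrew113.com/privkey9.pem
</VirtualHost>
"""
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")             # obsolete protocol versions
ALL_VERSIONS = LEGACY + ("TLSv1.2", "TLSv1.3")     # assumption: "all" may include SSLv3 (build-dependent)
WEAK_CLASSES = ("EXPORT", "RC4", "LOW", "MEDIUM")  # OpenSSL cipher-string keywords

def legacy_protocols(args):
    """Apply SSLProtocol's all / +X / -X arguments in order; return legacy versions left on."""
    on = set()
    for a in args:
        name = a.lstrip("+-")
        vers = set(ALL_VERSIONS) if name.lower() == "all" else {name}
        # '-X' removes, '+X' adds, a bare name replaces what came before
        on = on - vers if a[0] == "-" else on | vers if a[0] == "+" else vers
    return [p for p in LEGACY if p in on]

def weak_cipher_classes(spec):
    """Weak keywords the string adds (directly or through ALL) and never '!'-excludes."""
    tokens = [t for t in re.split(r"[:, ]+", spec) if t]
    killed = {t[1:] for t in tokens if t.startswith("!")}
    # Only unprefixed tokens add ciphers; '+KEY' merely moves existing ones to the end.
    added = {k for t in tokens if t[0] not in "!+-" for k in t.split("+")}
    return [w for w in WEAK_CLASSES if w not in killed and ("ALL" in added or w in added)]

def audit(conf):
    """Return (directive, finding) pairs for the TLS settings in an httpd.conf text."""
    out = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "sslprotocol" and legacy_protocols(args):
            out.append((parts[0], "enables " + ", ".join(legacy_protocols(args))))
        elif key == "sslciphersuite" and weak_cipher_classes(args[-1]):
            out.append((parts[0], "permits " + ", ".join(weak_cipher_classes(args[-1]))))
        elif key in ("sslcertificatefile", "sslcertificatekeyfile") and "/letsencrypt/archive/" in args[0]:
            out.append((parts[0], "pinned to archive/, use the live/ symlinks that follow renewals"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

With `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, `SSLCipherSuite HIGH:!aNULL:!MD5`, and the certificate and key read from fullchain.pem and privkey.pem under /etc/letsencrypt/live/andrew113.com/, the same audit returns no findings.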