Free English lessons, with Andrew.

Installing Mojave SSL Hackintosh


My existing webserver is a Hackintosh build running El Capitan 10.11.6 with Server.app 5.2, using Let's Encrypt certificates. I decided to upgrade to Mojave in the hope that it will provide improved security now and in the future; for example, the version of PHP in El Capitan (5.5x) is very old and a security risk.

I constructed another Hackintosh using similar hardware and installed Mojave 10.14.2, by following this excellent guide https://www.tonymacx86.com.

The Mojave version of Server.app no longer supports websites, so I had to completely remove all traces of Server.app and set up an Apache web server from scratch. This guide by Todd Olthoff works for Mojave as well.

To set up an Apache server I followed the basics of Andy Miller's three excellent guides: https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions
Although the guides are for installing a development server running on localhost, I actually needed a backup webserver, to eventually take the place of an existing webserver.

This was further complicated by the need to configure and test the replacement server online and in parallel with the existing server, using the same router and external static IP. The existing server runs on port 443 using Server.app and Let's Encrypt. The new Mojave server will (temporarily) need to run on port 444 using Apache and Let's Encrypt. As Let's Encrypt will only validate over port 80, I will have to briefly shut down my existing server and reconfigure the replacement Mojave server to run on port 80 during the validation process and certificate generation.

Notes:
1. Using a test domain, andrew113.com, I set up DNS using DNSEver.com so that andrew113.com resolves to my router's external static IP address.
2. Apache has a main configuration file at: /usr/local/etc/httpd/httpd.conf
My test website is at: /users/username/sites/andrew113.com
3. There are two other configuration files that need to be called from httpd.conf: Virtual Hosts and SSL. You end up with three large files that you have to shuffle between using Terminal, and each file is full of clutter and code that you may never use. I found it to be an extremely laborious process, so I decided to minimise and combine all three files into one easy-to-read file. My consolidated httpd.conf is now less than 130 lines of code, most of which are the LoadModule choices.
4. The key elements of my simplified httpd.conf are:
Listen 80
Listen 443
Listen 444
ServerName Mojave
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

Options Indexes FollowSymLinks
AllowOverride all
Require all granted

#Default virtual host

DocumentRoot "/users/username/sites/andrew113"
ServerName andrew113.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/archive/andrew113.com/fullchain9.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/andrew113.com/privkey9.pem

#Website two

DocumentRoot "/users/username/sites/websitetwo"
ServerName websitetwo.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/archive/websitetwo.com/fullchain7.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/websitetwo.com/privkey7.pem
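
An added example (not part of the original post): a small Python check that reads SSL directives like the ones above and reports three things a reviewer would raise. SSLProtocol all -SSLv2 leaves protocols older than TLS 1.2 enabled, the cipher string admits LOW/MEDIUM/RC4 classes, and the certificate paths point at numbered files under certbot's archive/ directory rather than the live/ symlinks that follow each renewal. The function names and the weak-class list are assumptions chosen for illustration, and the cipher check is a heuristic, not OpenSSL's own expansion of the string.

```python
import re

LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")          # protocols older than TLS 1.2
WEAK_CLASSES = ("LOW", "MEDIUM", "EXPORT", "RC4", "3DES", "MD5")  # assumed list

def legacy_protocols(args):
    """Legacy protocols an SSLProtocol argument string leaves switched on.
    (Whether SSLv3 is really offered also depends on the OpenSSL build.)"""
    enabled = set()
    for tok in args.split():
        minus, name = tok.startswith("-"), tok.lstrip("+-").lower()
        names = LEGACY if name == "all" else [p for p in LEGACY if p.lower() == name]
        (enabled.difference_update if minus else enabled.update)(names)
    return sorted(enabled)

def weak_cipher_classes(spec):
    """Heuristic: weak classes a cipher string adds and never bans with '!'."""
    terms = [t for t in re.split(r"[:, ]+", spec.strip()) if t]
    banned = {t[1:].upper() for t in terms if t.startswith("!")}
    added = set()
    for t in terms:
        if t[0] in "!-+":                # '!' and '-' remove, '+' only reorders
            continue
        parts = t.upper().split("+")     # RC4+RSA means RC4 AND RSA
        added.update(WEAK_CLASSES if parts == ["ALL"] else
                     [p for p in parts if p in WEAK_CLASSES])
    return sorted(added - banned)

def audit(conf_text):
    """Return (line_no, issue, detail) tuples for the SSL directives in conf_text."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*(\w+)\s+(.*\S)", line)
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2)
        if name == "sslprotocol" and legacy_protocols(args):
            findings.append((n, "legacy-protocol", legacy_protocols(args)))
        elif name == "sslciphersuite" and weak_cipher_classes(args):
            findings.append((n, "weak-cipher", weak_cipher_classes(args)))
        elif name.startswith("sslcertificate") and "/letsencrypt/archive/" in args:
            # archive/ holds numbered copies; live/ symlinks track each renewal
            findings.append((n, "pinned-archive-cert", [args]))
    return findings

# Directives copied from the first virtual host in the post
SAMPLE = """\
ServerName andrew113.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/letsencrypt/archive/andrew113.com/fullchain9.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/andrew113.com/privkey9.pem
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A configuration that restricts SSLProtocol to TLS 1.2 or later, lists only modern AEAD cipher suites, and references /etc/letsencrypt/live/<domain>/fullchain.pem and privkey.pem produces no findings.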

Footnote: 24/3/19 I decided to make the switch to Hugo and Netlify; so far so good.
