secure svn server on osx tiger

Sunday, February 08, 2009

My notes to help remember the processes to get a secure svn server using Apache 2 on OS X Tiger. I know these are documented in lots of places, but it seemed that parts of various HowTos were required in order to do it with current Apache (2.2) and with Tiger. For anyone with Leopard onwards, you can skip the installation of Apache2 as this is now standard from Leopard on (Tiger and earlier used Apache 1.3 and earlier) and here is probably your best bet.

Edit: I drafted this a year ago and never finished (or published) it. Now the server has reverted back to apache1.3 after an update and my ssl cert has expired - time to revive the post! Unfortunately I didn't capture all the steps, especially the setting up of mods-enabled etc, but I'll just use my install as reference. Ask if you need those bits. Meantime, this link may be helpful. Brad.
Edit 2 (16/4/2009): It did it again. If svn access starts to fail, browse to a directory-listing page or any page that shows the Apache http server version - if it says 1.3 then it's reverted back from 2.0 (alternatively, if ls -l /usr/sbin/apachectl shows a single file rather than a symlink into the /sw/sbin directory, that also indicates it's reverted). Easy fix is (after stopping 'Personal Web Sharing' in System Prefs): sudo ln -sf /sw/sbin/apache2ctl /usr/sbin/apachectl as below. Then start web sharing again; 2.0 should now be running.

Installing Apache httpd 2
1. Apache2 Installation

The bulk of this guide comes from Tim Fanelli's great howto (just the Fink, Apache2, Subversion, and WebDav steps for now). If you don't have XCode Tools installed prior to this, you can get them here (requires free registration). Extra notes to the sections in Tim's guide follow:

  • Apache2: At the end of this section you can start up Apache2. Be sure to shut down the 1.3 WebServer first via the Sharing panel of SysPrefs, if it is running. You should then be able to view the Apache2 welcome screen by browsing to http://localhost. You probably won't be able to access this from another machine yet though (even within LAN) as the Mac's firewall won't be allowing it. We'll get to that later.
  • Subversion: If you will be carrying this on to use svn, you might as well do this and the WebDAV steps now. You'll need svn-ssl, but may not require svn-client-ssl. I didn't install it.
That's all we need from that blog for setting up the Apache2 server.

2. Apache2 Configuration
Next we'll configure Apache2 to be handled by the Sharing panel of SysPrefs, instead of old 1.3.

  • cd /usr/sbin
  • sudo mv apachectl apachectl1.3 {-> renames the default apache1.3 apachectl command out of the way; /usr/sbin is root-owned, hence sudo}
  • sudo ln -s /sw/sbin/apache2ctl apachectl {-> creates the symlink so apachectl now runs the Apache2 control script}
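As an added example (not from the original post or Tim's howto), the POSIX shell script below scripts the symlink swap above together with the two reversion checks from Edit 2: whether /usr/sbin/apachectl is a plain file or a symlink into /sw/sbin, and which major version a Server header reports. The paths default to the ones used in the post and can be overridden so the functions can be exercised in a scratch directory; the function names and the Server header line in the usage are my own, and the header line is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post): detect whether /usr/sbin/apachectl
# still points at Fink's Apache 2 and, if an update has put the Apache 1.3
# binary back, repair the symlink. Default paths are the ones from the post.

APACHECTL="${APACHECTL:-/usr/sbin/apachectl}"
APACHE2CTL="${APACHE2CTL:-/sw/sbin/apache2ctl}"

# apachectl_flavor PATH
# Prints "apache2" if PATH is a symlink into /sw/sbin (Fink's Apache 2),
# "apache1.3" if it is a plain file (the OS default has come back),
# "other-symlink" for a symlink elsewhere, or "missing".
apachectl_flavor() {
    if [ -L "$1" ]; then
        case "$(readlink "$1")" in
            */sw/sbin/*) echo apache2 ;;
            *)           echo other-symlink ;;
        esac
    elif [ -f "$1" ]; then
        echo apache1.3
    else
        echo missing
    fi
}

# server_major_version "Server: Apache/1.3.41 (Darwin)"
# Prints the major.minor part of the Apache version from a Server header
# line (the version a directory-listing page reports); empty if none found.
server_major_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9]*\.[0-9]*\).*|\1|p'
}

# restore_apache2 [PATH] [TARGET]
# The "easy fix" from Edit 2: move a reverted 1.3 apachectl aside as
# apachectl1.3 (matching the post) and re-create the symlink. On the real
# system this must run as root and Personal Web Sharing should be stopped first.
restore_apache2() {
    ctl="${1:-$APACHECTL}"
    target="${2:-$APACHE2CTL}"
    if [ "$(apachectl_flavor "$ctl")" = apache1.3 ]; then
        mv "$ctl" "${ctl}1.3"
    fi
    ln -sf "$target" "$ctl"
}
```

Typical use on the server is `apachectl_flavor /usr/sbin/apachectl`; if it prints `apache1.3`, run `restore_apache2` under sudo and restart web sharing. Piping `curl -sI http://localhost | grep '^Server:'` into `server_major_version` gives the same answer from the running daemon's point of view.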

Edit /sw/etc/apache2/apache2.conf:
  1. Change the pidfile location to:

    /private/var/run/httpd.pid

  2. In order to easily view logs from Console, and to get free log rotation, change the ErrorLog parameter to:

    /var/log/httpd/error_log

  3. And add a new entry:

    CustomLog /var/log/httpd/access_log common


3. SSL Certificate
Go back to Tim's post and the SSL step. You'll want to follow the link and generate the certificate. Important: ensure you create a CommonName attribute in the certificate. If it is missing then many svn clients will fail to access the site. After doing that though, a couple of the commands given back in the main howto are wrong. Change sudo cp ~/server.key /sw/etc/apache2/ssl.key/ to sudo cp ~/sslcert/server.key /sw/etc/apache2/ssl.key/ and the same for .crt.


Edit (13/5/2009): Looks like Tim's blog is having some technical issues. Here are the ssl certificate creation and installation steps:
  1. cd /tmp
  2. openssl genrsa -des3 -out server.key 2048 {generates a passphrase-protected RSA key; 2048 is the key length in bits. Give it explicitly, as OpenSSL builds before 1.1 default to a 512-bit key if it is left off}
  3. openssl req -new -key server.key -out server.csr {generates a certificate-signing request (CSR; holds the information about the certificate) using the created key. Answer the Common Name prompt with the server's hostname, per the note above}
  4. openssl x509 -req [-days 365] -in server.csr -signkey server.key -out server.crt {generates the certificate, with information in the CSR, using our key. Note the -in before server.csr. The bit in the square brackets is optional and sets how long the certificate is valid; if you leave it off, openssl x509 defaults to 30 days}
  5. sudo mv server.key /sw/etc/apache2/ssl.key/
  6. sudo mv server.crt /sw/etc/apache2/ssl.crt/
  7. sudo chmod 0400 /sw/etc/apache2/ssl.key/server.key {restrict the key file itself. The ssl.key directory must stay 0700 (read, write and search for root), otherwise Apache can't reach the key and won't start}
  8. sudo chmod 0400 /sw/etc/apache2/ssl.crt/server.crt



For better security, don't do the decryption suggested in Tim's post (the step that rewrites server.key without its passphrase): a key stored unencrypted can be used by anyone who can read the file. The cost of keeping the passphrase is that Apache asks for it every time it starts, and the Sharing panel in SysPrefs has no way to answer that prompt. So, for pragmatism and to be able to control the server via the SysPrefs, just do it :)