krypted.com

Tiny Deathstars of Foulness

In an earlier article, I mentioned that MAMP Pro was still the best native GUI for managing web services on the Mac, now that macOS Server will no longer serve up those patchy services. After we cover the management in this article, you’ll likely understand why it comes it at $59. 

So you’ve installed MAMP. And you need more than the few basic buttons available there. So MAMP Pro came with it and you can try it for a couple of weeks for free. When you open MAMP Pro, you’ll see a screen where you can perform a number of management tasks. This is a more traditional side-bar-driven screen that will look like what Server Admin might have looked like before the web services screen got simplified in macOS Server.

The Hosts item in SETTINGS will show you each host installed on the server. Think of a host as a site. Each web server can serve up a virtually unlimited number of websites. You can configure an IP binding to the site, or hav
 
If you click on the plus sign, you can add a site. In this example, I’ll add www.krypted.com and then click on create. When doing so, you can configure a database for each site (e.g. if you’re doing multi-tenant hosting), build a site off a template, or select a root directory for the site. 



The Apache tab of each host allows you to configure host-specific settings, including enabling options for directives such as Indexes, Includes, SymLink following, and CGI. More options than were in macOS Server for sure. You can also order allows, allow overrides, add new directives, set the index (or the default page of each site), add additional virtualhosts (such as krypted.com for www.krypted.com), and add a server admin email address. 

These were Apache-centric settings for each host. Click on the Nginx tab if you’re using Nginx instead of Apache. Nginx is a bit less “patchy” so there are a fewer options here. But they’re similar: Configure an index, add parameters, and a feature not available in the GUI options for Apache: allow or deny access based on IP.
 
The SSL tab allows you to generate a CSR, upload the cert and key file, and force connections to use https.

The Extras tab allows you to automatically install standard web packages. For example, here we’ll select WordPress.

Click on the Databases tab. To connect a site to a database, enter the name of the database when prompted. Note: the site itself will need credentials in order to connect, and if you’ve setup an “Extra” in the above step, the database will automatically be configured.

Next, let’s configure the ports used by the web servers. The previous settings were per-site. The rest that we cover in this article will be per-server, as these are global settings applied to the daemons themselves. Each of those services will have a port or ports associated with them. For example, the standard web port used is 80 or 443 for SSL-based connections and the standard port for MySQL is 3306. For publicly-facing sites these would be the standard ports, and given how common they are, there’s a button for “Set ports to 80, 81, 443, 7443, 3306”. Otherwise, you can enter each independently. Because the attaching of daemons is done here, this is also where you configure the user that services run as, as well as when to start the services and truncate log files.

The Editor option configures how the editor appears, which we’ll cover last in this article. The Editing option manages how the editor works (e.g. things  like tabs, autocompletes, etc.

The Fonts & Colors tab allows you to select each color assigned to various types of text.  

The Default Apps tab allows you to configure which app is opened when opening each type of file supported. 

Again, we’ll look at the editor later in this article. First, let’s finish getting the web server setup. Click on Apache. Here, you can load new Apache mods you download from the interwebs. I should mention that an important security step in locking down a publicly-facing web server is to disable all of the mods you don’t absolutely need. 

At the bottom of this screen, there’s also a handle little link to the directory with your logs, so you can read through them if needed.

The Nginx option underneath is similar. Access to log files is there, as is the ability to enable installed Nginx mods. 

The MySQL option also provides access to some straight-forward command-line options, but in a nice GUI. Here, you can configure a root password for MySQL ( which does this: Reset A Lost MySQL Password ), enable phpMyAdmin, MySQL Workbench, and Sequel Pro-based administration, enable network access to the MySQL Service (using ports configured in the Ports section of the app) which I cover at Allow Remote Connections To MySQL, and view logs.

The Dynamic DNS options are cool. Click there, and if your web server is behind a DHCP address, you can configure a dynamic DNS service including DNS-O-Matic, no-ip.com, dyn.com, easydns.com, etc. This way when you reboot and get a new IP address from your ISP, it’ll update the service automatically.

Memcached is a distributed memory object caching system. It’s used to make sites appear faster or to distribute caching between servers for systems that, for example, get clustered. It’s included here for a reason, I’m sure of it! Either way, I actually use it for a few things and like the fact that it’s there. To enable, simply choose how much memory to give it, configure the logging level (usually low unless you’re troubleshooting), and gain access to logs. If you check the “Include Memcached server in GroupStart” then memcache will fire up when you start your web services.

Click postfix. Here, you configure your server to route mail through an email account. If you run this from the command line, you can also configure your server to be a mail server; however, when you do that you’re likely to get mail bouncing all over the place. So if the server or a service on the server is supposed to send mail, it’s usually best to route through something like a gmail account. 

The Languages section allows you to configure how PHP, Python, Perl, and Ruby work on the server. For PHP, you can configure which version of PHP is installed, configure a version of PHP for hosts, enable caching (different than memcached), enable a few basic extensions (I’ve been playing with oauth a lot recently), choose logging options, and have a simple way to see the logs. 

Since you’re running on a Mac, you already have Python, but if you click on the Python option, you can make the version of Python bundled with Mac is 2.7.10 instead of 2.7.13.

Click on Perl to do the same.

Click on Ruby to do the same.

The editor is also pretty easy to use. Simply use the plus sign to add a file you’d like to edit. Keep in mind when browsing that everything MAMP Pro needs is self-contained in the /Applications/MAMP directory, so it should be pretty easy to find files for editing. 

And that’s it. This seems like a lot of stuff, but between sites like ServerFault and other Apache/Nginx articles, you’ll likely find most of the things you need. It’s worth mentioning that I consider this another baby step to just managing Apache using config files. macOS Server tried hard to reduce the complexity of where different settings and options are derived from; MAMP Pro makes no allusion that web server management should be so simple. That’s one of the things I like about it. It’s like you went from riding in a buggy on the back of a bike to riding with training wheels. The more you know, the better off you are.

March 10th, 2018

Posted In: Mac OS X, Mac OS X Server, Mac Security, WordPress

Tags: , , , , , , , , , , ,

There’s another new conference in town! Well, not my town, but Vancouver. MacDev Ops is a hot topic. One that will only increase in the coming years. Thanks to Mat X and Brian Warsing for bringing about a brilliant conference. Screen Shot 2015-03-23 at 10.43.50 PM The conference will be held on June 19, 2015 and is an easy $99 if you sign up soon. Also, submit a talk if DevOps is your thing. They’re looking to bring the following topics to the table:
  • Puppet, Chef and other automation from Desktop to Cloud and back
  • Software deployment with Munki and AutoPkg: the app ecosystem surrounding it
  • Cool tools: demo of awesome Mac Admin projects from GitHub
  • DevOps: How to adopt Automation and Best practices in IT operations
  • Dev skills: workshops on Ruby, Git, Python, Javascript for Mac Admins
  • MDM: Profiles and Mac configuration management in the cloud
This is sure to be a good one. Check it out here!

March 23rd, 2015

Posted In: Mac OS X, Programming, Unix

Tags: , , , , , , , , , ,

Pow is a Rack server for OS X. It’s quick and easy to use and lets you skip that whole update an Apache file, then edit /etc/hosts, ethane move a file, then run an app type of process. To get started with Pow, curl it down and pipe it to a shell, then provide the password when prompted to do so: odr:~ charlesedge$ curl get.pow.cx | sh % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 9039 100 9039 0 0 10995 0 --:--:-- --:--:-- --:--:-- 10996 *** Installing Pow 0.5.0... *** Installing local configuration files... /Users/charlesedge/Library/LaunchAgents/cx.pow.powd.plist *** Installing system configuration files as root... Password: /Library/LaunchDaemons/cx.pow.firewall.plist /etc/resolver/dev *** Starting the Pow server... *** Performing self-test... *** Installed For troubleshooting instructions, please see the Pow wiki: https://github.com/basecamp/pow/wiki/Troubleshooting To uninstall Pow, `curl get.pow.cx/uninstall.sh | sh` To install an app into Pow, create a symlink to it using ln (assuming ~/.pow is your current working directory): ln -s /path/to/myapp Then just open the url, assuming my app is kryptedapp.com: open http://kryptedapp.com Pow can also use ~/Library/LaunchAgents/cx.pow.powd.plist to port proxy. This allows you to redirect different apps to different ports. When pow boots, it runs .powconfig, so there’s a lot you can do there, like export, etc. Once you’re done testing out pow, if you don’t decide it’s awesome, remove it with the following command: curl get.pow.cx/uninstall.sh | sh

February 2nd, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Ubuntu, Unix, WordPress

Tags: , , , , , , , ,

Microsoft Azure is Microsoft’s cloud services. Azure can host virtual machines and act as a location to store files. However, Azure can do much more as well, providing an Active Directory instance, provide SQL database access, work with hosted Visual Studio, host web sites or provide BizTalk services. All of these can be managed at https://manage.windowsazure.com. windows_azure_logo6 You can also manage Windows Azure from the command line on Linux, Windows or Mac. To download command line tools, visit http://www.windowsazure.com/en-us/downloads/#cmd-line-tools. Once downloaded, run the package installer. Screen Shot 2013-11-29 at 10.51.01 PMWhen the package is finished installing, visit /usr/local/bin where you’ll find the azure binary. Once installed, you’ll need to configure your account from the windowsazure.com site to work with your computer. To do so, log into the windowsazure.com portal. Screen Shot 2013-12-01 at 8.25.57 PM Once logged in, open Terminal and then use the azure command along with the account option and the download verb: azure account download This account downloads the .publishsettings file for the account you’re logged in as in your browser. Once downloaded, run azure with the account option and the import verb, dragging the path to your .publishsettings file from https://manage.windowsazure.com/publishsettings/index?client=xplat: azure account import /Users/krypted/Downloads/WindowsAzure-credentials.publishsettings The account import then completes and your user is imported into azure. Once imported, run azure with the account option and then storage list: azure account storage list You might not have any storage configured yet, but at this point you should see the following to indicate that the account is working: info: No storage accounts defined info: account storage list command OK You can also run the azure command by itself to see some neat ascii-art (although the azure logo doesn’t really come through in this spiffy cut and paste job): info: _ _____ _ ___ ___________________ info:        /_\  |__ / | | | _ \ __| info: _ ___ / _ \__/ /| |_| |   / _|___ _ _ info: (___ /_/ \_\/___|\___/|_|_\___| _____) info: (_______ _ _) _ ______ _)_ _ info: (______________ _ ) (___ _ _) info: info: Windows Azure: Microsoft's Cloud Platform info: info: Tool version 0.7.4 help: help: Display help for a given command help: help [options] [command] help: help: Open the portal in a browser help: portal [options] help: help: Commands: help: account to manage your account information and publish settings help: config Commands to manage your local settings help: hdinsight Commands to manage your HDInsight accounts help: mobile Commands to manage your Mobile Services help: network Commands to manage your Networks help: sb Commands to manage your Service Bus configuration help: service Commands to manage your Cloud Services help: site Commands to manage your Web Sites help: sql Commands to manage your SQL Server accounts help: storage Commands to manage your Storage objects help: vm Commands to manage your Virtual Machines help: help: Options: help: -h, --help output usage information help: -v, --version output the application version Provided the account is working, you can then use the account, config, hdinsight, mobile, network, sb, service, site, sql, storage or vm options. Each of these can be invoked along with a -h option to show a help page. For example, to see a help page for service: azure service -h You can spin up resources including sites, storage containers and even virtual machines (although you might need to create templates for VMs first). As an example, let’s create a new site using the git template: azure site create --git Overall, there are a lot of options available in the azure command line interface. The web interface is very simple, with options in the command line interface mirroring the options in the web interface. Running and therefore scripting around these commands is straight forward. I wrote up some Amazon stuff previously at http://krypted.com/commands/amazon-s3cmd-commands, but the azure controls are really full featured and I’m really becoming a huge fan of the service itself the more I use it (which likely means I’ll post more articles on it soon).

December 2nd, 2013

Posted In: cloud, Network Infrastructure, SQL, Ubuntu, Unix, VMware, Windows Server

Tags: , , , , , , , , , , ,

Create a file called goodmorning.rb and paste the following into it: #!/usr/bin/env ruby puts 'Good Morning' Make the file executable for your user. Then run the file (let’s just say it’s on the desktop of a user named admin): /Users/admin/Desktop/goodmorning.rb That’s all for this morning…

February 9th, 2012

Posted In: Mac OS X

Tags: , ,

I originally posted this at http://www.318.com/TechJournal So Ruby on Rails… What does this mean for me and what exactly is Ruby on Rails from a systems administration standpoint? Ruby on Rails was created by David Heinemeier Hansson from his work on Basecamp, a web-based project-management tool, by the company 37signals. Ruby on Rails was first released to the public in July 2004. Ruby on Rails is a web application framework designed to support the development of dynamic websites. To see some sites built using Ruby on Rails check out http://happycodr.com Ruby is an object-oriented program language that Rails is built on.  To access rails, you can use the rails command. The Ruby on Rails framework is built into Leopard Server and can be started up using the mongrel_rails start command. It can be stopped using the mongrel_rails command. Mongrel is a fast HTTP library and server for Ruby. Mongrel_rails is a command line tool that can be used to control the Mongrel webserver. Some options to the mongrel_rails command include the following: -d daemonize -p assign a custom port -a assign an address for the HTTP listener -l assign a log file to use -t customize the timeout variable -m use additional MIME types -r change the document root -B enable debugging -C use a configuration file -S define an additional config script -h access the help libraries -G generate a config file –user define who the server will run as –version get the version information for Mongrel But that’s not all you can do with mongrel_rails. The actual file is not compiled so you can read it in clear text and learn more about what it is doing behind the scenes. Just cd into the /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/gems/1.8/gems/mongrel-1.0.1/bin/ folder to find it. One item of note is the inclusion ofmongrel_rails_persist, a wrapper for mongrel_rails that allows admins to register the Mongrel Server with Bonjour and create a launchd plist to run Mongrel (/Library/LaunchAgents/com.apple.persist.portnnnn.mongrel_rails_server.plist). So let’s say that you have a Ruby application that lives at the following location /Library/WebServer/MyRubyApp. You can run the following command to launch it over port 8001 in a persistent manner: mongrel_rails_persist start -p 8001 -c /Library/WebServer/MyRubyApp To access it from a web browser you would enter the address http://servername.domainname.com:8001 From here you’ll be able to daemonize Mongrel and provide the Rails development framework to developers in your environment. There are already a lot of projects for using Ruby with FileMaker and other database systems, so keep an eye out for more information about this piece of Leopard Server!

November 12th, 2007

Posted In: Mac OS X Server

Tags: , , , , , ,