I just started using 10.7 Lion Server at my organization and I have to admit it is nice in some ways and infuriating in others. Apple has certainly fixed and introduced quite a few new features such as Profile Manager but have removed features like Mobile Access. The hardest hit service in my opinion when it comes to 10.7 server administration is the Web service. Apple has stripped this service completely out of the Server Admin app and has added a dumbed down version of the service to the Server app. If your unfamiliar the Server app is a program called “Server” that has the worst possible GUI interface and the least possible settings for all services that run through it which is a shame.
The purpose of this entry is to talk about 10.7 server and show you how to accomplish everything that you could accomplish from the Server Admin application through commands using terminal or edits to system files in the operating system. Everything below requires that you be logged in as the root user on the server in order to avoid permission issues.
How to enable PHP
Run this command to check if PHP is enabled on 10.7 server.
cat /etc/apache2/httpd.conf|grep libphp5.soIf the output is
LoadModule php5_module libexec/apache2/libphp5.soand not
#LoadModule php5_module libexec/apache2/libphp5.sothen PHP is enabled. If it is the other way around with a # in the beginning of the line you can just edit the httpd.conf file manually with
sudo pico /etc/apache2/httpd.conf and remove the bracket manually and then restart the web server with
sudo apachectl restartAlternatively you can also enable this via a checkbox in the terrible server.app in 10.7.
How to change the default file type
By default the landing page on all new sites is index.html if you would like to change this or the order in which a webpage searches for the index page then you need to change the default file type.
To do this edit the configuration file appropriate to your site name. Meaning you have to have already configured a site in the 10.7 server.app program once you have a site then you need to edit the site configuration file. If your site was called apple.com then your site configuration would be in /etc/apache2/sites/apple.com.conf or something like that.
You need to edit that file
pico /etc/apache2/sites/nameofyoursite.conflook for the following in the file
<IfModule mod_dir.c>
DirectoryIndex index.html
</IfModule>If you want to change the main page to index.php instead of index.html then replace index.html with index.php. If you want to add it as a secondary load page then you can change it to this.
<IfModule mod_dir.c>
DirectoryIndex index.html index.php
</IfModule>once done save and restart apache.
sudo apachectl restartHow to enable .htaccess
If you are going to be using mod_rewwrite at all for redirects or pretty permalinks (which is very common now) then you need to have this enabled. Again as stated before you have to have a site setup on the server through the server.app program. Once done locate your configuration file as outlined above and make the following changes.
pico /etc/apache2/sites/nameofyoursite.confOnce your in the file look for something that looks similar to the following.
<Directory "/Users/yourname/Sites/">
Options Indexes +MultiViews
AllowOverride All
Order allow,deny
Allow from All
</Directory>It won’t look exactly the same but what you want to do is replace it with what you see above that will enable the .htaccess or mod_rewrite the line of code that actually does this is the “AllowOverride All” command.
How to enable WebDav
To configure WebDAV Sharing for such users, follow these instructions before enabling any WebDAV share points.
Note: The instructions in this article include editing configuration files. You must have root access to edit these files. You should make a backup copy of each file prior to editing it.
This step is optional but highly recommended: Acquire and install a trusted SSL certificate, and use Server App to configure Web Service to use the certificate. You can use the server’s default, self-signed certificate for WebDAV Sharing, but iWork and other applications may warn that the certificate is “invalid”.
You need to edit the following configuration file
pico /etc/apache2/httpd_webdavsharing.confFind the line “AuthType Digest” change Digest to Basic. This makes WebDAV Sharing use Basic authentication, which is required for Active Directory users.
Now edit this configuration file
pico /etc/apache2/webapps/com.apple.webapp.webdavsharing.plistfind these lines
<key>sslPolicy</key>
<integer>0</integer>Change the 0 to 1. This makes WebDAV Sharing require SSL, which is the only secure way to use Basic authentication. Advise users to configure the iWork clients on their iOS devices with an “https” WebDAV URL, like: https://example.com/webdav
How to enable the directory listing
Again as stated before you have to have a site setup on the server through the server.app program. Once done locate your configuration file as outlined above and make the following changes.
You need to edit that file
pico /etc/apache2/sites/nameofyoursite.conffind the words “AllowOverride” in that block where these words are you need to add this line. This line may already be in your file but it may be different simply update it to reflect these changes
Options -Indexes FollowSymLinksHow to enable SSI
If you need to use Server Side Includes in your scripts or website files then do the following to enable it.
sudo pico /etc/httpd/httpd.conflook for these lines
# AddType text/html .shtml
# AddHandler server-parsed .shtmlUncomment those 2 lines (remove the # in front of each of them). Now look in the same file for the following
Options FollowSymLinksAdd “Includes” to the 2nd line so it looks like
Options FollowSymLinks Includessave the file and restart apache
sudo apachectl restartHow to enable VHOSTS
VHOSTS or Virtual Hosts enable you to have multiple domain names mapped to the same site or IP address. To enable this edit the httpd.conf file
sudo pico /etc/apache2/httpd.conf find this line
#Include /private/etc/apache2/extra/httpd-vhosts.confchange it to
Include /private/etc/apache2/extra/httpd-vhosts.confthis will effectively enable VHOSTS. Now you should restart apache.
sudo apachectl restartHow to enable CGI
Again as stated before you have to have a site setup on the server through the server.app program. Once done locate your configuration file as outlined above and make the following changes.
pico /etc/apache2/sites/nameofyoursite.confOnce your in the file look for something that looks similar to the following.
Options Indexes +MultiViewsIt won’t look exactly the same but what need to do is add “-ExecCGI” after “+MultiViews” it should look something like this.
Options Indexes +MultiViews -ExecCGIThis will enable CGI and allow you to run CGI scripts in Apache. Now you should restart apache.
sudo apachectl restartHow to enable Logging
This one boggled my mind, by default website logging is not enabled and again there is no way to enable it in the GUI. You will want to have this enabled to catch errors and fix faulty code. To enable this again we are assuming you already have a site configured with the server.app program. Once done locate your configuration file as outlined above and make the following changes.
pico /etc/apache2/sites/nameofyoursite.conffind the line “DocumentRoot”, Under that line paste the following
CustomLog "/var/log/apache2/access_log" combinedvhost
ErrorLog "/var/log/apache2/error_log"it should now look like this
DocumentRoot "/path/to/your/website/"
CustomLog "/var/log/apache2/access_log" combinedvhost
ErrorLog "/var/log/apache2/error_log"Now you should restart apache.
sudo apachectl restartHow to add a domain alias
This is a common thing that most web admins do to map domains to a single site. This again has been removed from the functionality of the server.app on 10.7 server but is a pretty easy to add. To enable this again we are assuming you already have a site configured with the server.app program. Once done locate your configuration file as outlined above and make the following changes.
pico /etc/apache2/sites/nameofyoursite.confin the site definition file, look for a line that says
ServerName example.com
ServerAlias www.example.comwhere example.com is the domain of your site. You can have more than one alias, just separate them by a spaces on the same line like so.
ServerName example.com
ServerAlias www.example.com alias2.example.com alias3.example.comNow you should restart apache.
sudo apachectl restartHow to restore factory settings to 10.7 Web Service
This one is important. As stated above you should be backing up these config files before you edit them and then making your changes. In the event that something went wrong you can always reset them back to the original settings.
Run this command
sudo serveradmin command web:command=restoreFactorySettingsI got this command by calling Apple directly they also suggested restarting the machine after the restore command, once the computer is back up turn off and then turn on web service to ensure it is working propperly.
Conclusion
All of these commands allow you to leverage Apache and accomplish the tasks that were once easy to accomplish with the Server Admin tool in 10.6 server. There are two options here, learn to love the command line or do not upgrade to 10.7 Lion. Apple is streamlining their GUI interfaces for their tools however there is still power under the hood. Do not be afraid to re-configure these systems Apache, PHP and MYSQL can be installed, modified and improved all from the command line and in some cases they work better after you do. Its not time to quit in my opinion its time to roll up our sleeves and start learning the core of what makes an OSX server truly great and that starts with understanding the open source software that comes bundled with them.
I hope that you all found this article and walkthrough educational, as always please feel free to interact with me by posting questions and comments and I will answer them as best as I can. If you feel like any of this is wrong or could be improved upon also please leave a comment below, thanks!
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.08 · Low AI Influence
Summary
This article provides a guide on how to enable various features in Apple's Lion Server, including PHP, .htaccess, WebDav, directory listing, SSI, VHOSTS, and CGI.
Related Posts
Roll your own DNS monitoring with DIG, Bash & CRON
If your like me your always looking for ways to be notified of things changing in your IT Environment. There are many tools that you can use to help do this. StatusCake is a great free online tool for monitoring website and IP level uptime and downtime with baked in email notifications. Zeonoss and NAGIOS are great tools that can offer the same with SNMP Monitoring baked in as well.
Authenticate with AD credentials via ARD / SSH
Binding a Mac to an AD is fairly straight forward. Most Mac Admin's worth their salt, know how this is done, many know how to do this via the command line. Once your Mac is bound, authentication is easy, local authentication that is. But what if you want to use your secure AD credentials over an SSH or Apple Remote Desktop connection? Well thats when things need a bit more configuration. Having recently deployed a series of servers with this configuration I figured I would share some of the commands...
Migrate Outlook 2016 Profile from one Mac to another Mac
I recently had to help a client move from one Mac to another, during the process one task proved more challenging than originally anticipated. I wanted to share my info in the event that it helps someone out there. In Outlook 2016 for Mac, Microsoft in its infinite wisdom, has changed the default location of the email profile folder. The new location is not well documented, and I stumbled upon it on an obscure forum post, the location is
Migrate Open Directory 10.10
A few weeks ago I had an old 10.9 open directory master server crash on me and I was unable to restart, luckily I had a good backup of my server which I created using Carbon Copy Cloner on a schedule. If your not using Carbon Copy Cloner I highly recommend doing so its one of the best backup utilities for OSX Server as it runs in the background and can backup and clone multiple directories and or the entire hard drive.
Munki Report-PHP, the new old kid on the block
I have used SCCM for a while now and have to say that I find it very very powerful. The fact that collects plenty of information from the clients, uploads it to a SQL db and keeps a history, plus the ability of create dynamic computer collections based on querys to the SQL and then target those groups with tasks makes it extremely useful in an enterprise environment. Plus the amazing reports you can get if you have an SQL guru around!
Munki Software License Tracking
Beginning with the 0.9.1 builds of the munki tools, Munki can query a webserver to determine if there are available seats for licensed software (or any software you wish to make available via optional_installs, yet control the number of deployed copies). In order to use this feature, here are the things you need:
Install Zenoss on 10.9 Mavericks with VMWare Fusion
If you are a network (or systems) administrator, you know how crucial it is to have the right tools for the job. One of the toughest tools to really nail down is a network monitoring tool. Although there are plenty of such tools out there, they range from the over-priced to the under-featured. Where do you look for any sort of middle ground where features don’t lose out to price?
Deploying Printers with Munki on 10.9 Mavericks
You can use Profile Manager to manage printer lists but the functionality is limited. One major issue with managing printer lists with Profile Manager is if you add a printer to an Profile Manager client’s printer list, and the driver file for that the printer isn’t installed on the client system, the printer will be added using the Generic Printer Driver. Even if the printer driver file is installed later the printer continues to use the Generic Printer Driver.
Updating Munki Web Admin on 10.9 Mavericks Server
Discover the Power of MUNKI: A Robust Solution for Your Mac Management Needs MUNKI is a highly acclaimed product that has earned its place as a top choice among Mac administrators, thanks to its strong community backing and impressive track record. With support from industry giants like Disney and Google, this reliable solution has consistently delivered results across all versions of OSX since its inception. Whether you're managing a small fleet or a large enterprise, MUNKI's robust features and seamless integration make it an ideal choice for any Mac management...
10.9 Deploying Mac App Store Packages
If your like me then your happy that Apple has made several of their wonderful software titles free recently, specifically iLife and iWork for Mavericks. Apple has a defined workflow for deployment of these systems. Their method is to have companies enroll into their Volume Licensing Program once enrolled you can download apps from the app store and the iOS store and deploy these seamlessly to your devices with Profile Manager for Mavericks.
