What you were trying to do (and why)
Set up a secure LAMP stack with SSL using a self-signed certificate
What happened (include screenshots)
Server can be reached via tomcloud.ddns.net:8080 from the computer itself or via external devices
Server cannot be reached via https://tomcloud.ddns.net, tomcloud.ddns.net:443 or https://tomcloud.ddns.net:443 from the computer itself or via external devices
What you expected to happen
Establish a secure connection with SSL to the server
Hi
I would like to host a Nextcloud instance on my Mac, however I am stuck while setting up a secure LAMP stack. Everything works fine until I try to set up SSL on the server. After setting up SSL, I am able to connect to the server via tomcloud.ddns.net:8080 on the computer itself and via external devices. However, I can't reach the server via https://tomcloud.ddns.net, tomcloud.ddns.net:443 or https://tomcloud.ddns.net:443. I couldn't solve the problem while reading the documentation, investigating the error codes from the command line or the log files. I think it doesn't work because I use the wrong type of certificates, but I've no clue how to create the appropriate certificates. I've tried to document my steps from start to end as accurately as possible. I've also listed all the configuration documents, the certificates and keys used, and the log files. The "ssl_request_log" and the "tomcloud.ddns.net-error_log" are empty.
To narrow down the problem, I don't have Nextcloud in the DocumentRoot folder yet. I copied the index.html document from the www folder to the DocumentRoot folder (nextcloud).
I am very grateful for help, solutions and tips.
thank you
Tom
Device information
Computer: MacBook Pro 13 2020
Processor: 2 GHz Quad-Core Intel Core i5
Operating system: macOS Monterey 12.2.1
Description of the steps
Stop and uninstall native apache
sudo apachectl stop
sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Customize homebrew settings
brew analytics off
Install httpd (apache) with Homebrew
brew install httpd
Configure httpd
Path to httpd.conf document:
/usr/local/etc/httpd/httpd.conf
Configurations in the httpd.conf document
In section „Options Indexes FollowSymLinks“ of the httpd.conf document
AllowOverride None -> AllowOverride All
Modules in the httpd.conf document
#LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so -> LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
In section „# Dynamic Shared Object (DSO) Support“, below „LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so“, insert the following:
LoadModule php_module /usr/local/opt/[email protected]/lib/httpd/modules/libphp.so
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
Customize user and group in httpd.conf document
User _www -> User tomgoetz
Group _www -> Group staff
Enable php in the httpd.conf document
DirectoryIndex index.html -> DirectoryIndex index.php index.html
Enable virtual hosts in the httpd.conf document
#Include /usr/local/etc/httpd/extra/httpd-vhosts.conf -> Include /usr/local/etc/httpd/extra/httpd-vhosts.conf
Change server name
#ServerName www.example.com:8080 -> ServerName localhost
Install php with homebrew
brew install [email protected]
Change [email protected] settings
echo 'export PATH="/usr/local/opt/[email protected]/bin:$PATH"' >> ~/.zshrc
echo 'export PATH="/usr/local/opt/[email protected]/sbin:$PATH"' >> ~/.zshrc
export LDFLAGS="-L/usr/local/opt/[email protected]/lib"
export CPPFLAGS="-I/usr/local/opt/[email protected]/include"
Install mysql with homebrew
brew install mysql
Start mysql
brew services start mysql
Set up mysql
mysql_secure_installation to start configuring MySQL
Terminal output
tomgoetz@MacBook-Pro-von-Tom ~ % mysql_secure_installation to start configuring MySQL
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: n
Please set the password for root here.
New password:
Re-enter new password:
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!
tomgoetz@MacBook-Pro-von-Tom ~ %
Set up virtual hosts
Path to vhosts.conf document:
/usr/local/etc/httpd/extra/httpd-vhosts.conf
Content of the vhosts.conf document:
<VirtualHost *:8080>
ServerAdmin
DocumentRoot "/usr/local/var/www/nextcloud"
ServerName tomcloud.ddns.net
ServerAlias www.tomcloud.ddns.net
ErrorLog "/usr/local/var/log/httpd/tomcloud.ddns.net-error_log"
CustomLog "/usr/local/var/log/httpd/tomcloud.ddns.net-access_log" common
</VirtualHost>
Create DocumentRoot folder
DocumentRoot folder path:
/usr/local/var/www/nextcloud
Set rights for DocumentRoot
sudo chown -R tomgoetz:staff /usr/local/var/www
sudo chown -R tomgoetz:staff /usr/local/var/www/nextcloud
Close httpd.conf and vhosts.conf document and save changes
Restart httpd, php and mysql
sudo brew services stop httpd
sudo brew services stop [email protected]
brew services stop mysql
brew services start httpd
brew services start [email protected]
brew services start mysql
Reboot computer
tomcloud.ddns.net:8080 is online but without SSL
Enable SSL
Configure httpd.conf document
Enable httpd-ssl.conf in the httpd.conf document
#Include /usr/local/etc/httpd/extra/httpd-ssl.conf -> Include /usr/local/etc/httpd/extra/httpd-ssl.conf
Enable required modules in httpd.conf document
#LoadModule ssl_module lib/httpd/modules/mod_ssl.so -> LoadModule ssl_module lib/httpd/modules/mod_ssl.so
#LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so -> LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
Create certs folder
Path of certs folder:
/usr/local/etc/httpd/certs
Create required documents
openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.csr
openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
Terminal output
tomgoetz@MacBook-Pro-von-Tom ~ % openssl genrsa -out key.pem 2048
Generating RSA private key, 2048 bit long modulus
...................................................+++
.......................................+++
e is 65537 (0x10001)
tomgoetz@MacBook-Pro-von-Tom ~ % openssl req -new -sha256 -key key.pem -out csr.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:tomcloud.ddns.net
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
tomgoetz@MacBook-Pro-von-Tom ~ % openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
tomgoetz@MacBook-Pro-von-Tom ~ %
Copy certificate.pem, key.pem and csr.csr documents to the certs folder
Configure httpd-ssl.conf document
Path of httpd-ssl.conf document:
/usr/local/etc/httpd/extra/httpd-ssl.conf
Changes in the httpd-ssl.conf document
Customize path to documents
SSLCertificateFile "/usr/local/etc/httpd/server.crt" -> SSLCertificateFile "/usr/local/etc/httpd/certs/certificate.pem"
SSLCertificateKeyFile "/usr/local/etc/httpd/server.key" -> SSLCertificateKeyFile "/usr/local/etc/httpd/certs/key.pem"
Configure httpd-vhosts.conf document
Content of the httpd-vhosts.conf document:
<VirtualHost *:8080>
ServerAdmin x
DocumentRoot "/usr/local/var/www/nextcloud"
ServerName tomcloud.ddns.net
ServerAlias www.tomcloud.ddns.net
ErrorLog "/usr/local/var/log/httpd/tomcloud.ddns.net-error_log"
CustomLog "/usr/local/var/log/httpd/tomcloud.ddns.net-access_log" common
</VirtualHost>
<VirtualHost *:443>
ServerAdmin x
DocumentRoot "/usr/local/var/www/nextcloud"
SSLEngine on
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLCertificateFile "/usr/local/etc/httpd/certs/certificate.pem"
SSLCertificateKeyFile "/usr/local/etc/httpd/certs/key.pem"
ServerName tomcloud.ddns.net
ServerAlias www.tomcloud.ddns.net
ErrorLog "/usr/local/var/log/httpd/tomcloud.ddns.net-error_log"
CustomLog "/usr/local/var/log/httpd/tomcloud.ddns.net-access_log" common
</VirtualHost>
Close httpd.conf, httpd-ssl.conf and httpd-vhosts.conf documents and save changes
Reboot computer
Server can be reached via tomcloud.ddns.net:8080 from the computer itself or via external devices
Server cannot be reached via https://tomcloud.ddns.net, tomcloud.ddns.net:443 or https://tomcloud.ddns.net:443 from the computer itself or via external devices
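As an added example (not part of the issue and not Homebrew's or Apache's own tooling), a small Python check over the kind of configuration shown in the steps above: it parses the VirtualHost blocks and the Listen directives and reports any vhost port that no Listen directive opens, plus any TLS vhost missing its certificate or key. The sample configs are constructed; in stock Apache the `Listen 443` line comes from extra/httpd-ssl.conf rather than httpd.conf, so that file has to be passed in as well when checking a real installation.

```python
import re

# Constructed sample (hypothetical, not the issue's files): httpd.conf opens only 8080.
HTTPD_CONF = "Listen 8080\nInclude /usr/local/etc/httpd/extra/httpd-vhosts.conf\n"
VHOSTS_CONF = """
<VirtualHost *:8080>
    DocumentRoot "/usr/local/var/www/nextcloud"
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/httpd/certs/certificate.pem"
    SSLCertificateKeyFile "/usr/local/etc/httpd/certs/key.pem"
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
LISTEN = re.compile(r"^\s*Listen\s+(?:\S*:)?(\d+)", re.I)   # commented-out lines never match
DIRECTIVE = re.compile(r'^\s*(\w+)\s+"?([^"\s]+)"?')

def listening_ports(*configs):
    """Every port opened by a Listen directive in the given config texts."""
    return {int(m.group(1)) for text in configs
            for line in text.splitlines() if (m := LISTEN.match(line))}

def parse_vhosts(text):
    """[(port, {directive: value}), ...] per <VirtualHost>; raises if a block is unclosed."""
    vhosts, current = [], None
    for line in text.splitlines():
        if (m := VHOST_OPEN.match(line)):
            current = (int(m.group(1).rsplit(":", 1)[-1]), {})
        elif VHOST_CLOSE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and (m := DIRECTIVE.match(line)):
            current[1][m.group(1).lower()] = m.group(2)
    if current is not None:
        raise ValueError("unclosed <VirtualHost> block")
    return vhosts

def check(httpd_conf, vhosts_conf):
    """Vhost ports nothing listens on, and TLS vhosts missing their cert or key."""
    ports, problems = listening_ports(httpd_conf, vhosts_conf), []
    for port, d in parse_vhosts(vhosts_conf):
        if port not in ports:
            problems.append(f"port {port}: no Listen directive opens this port")
        if d.get("sslengine", "").lower() == "on":
            problems += [f"port {port}: {k} is missing" for k in
                         ("sslcertificatefile", "sslcertificatekeyfile") if k not in d]
    return problems
```

Running `check(HTTPD_CONF, VHOSTS_CONF)` on the sample reports the 443 vhost as having no Listen directive; feeding in a file that contains `Listen 443` clears it.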
Terminal output trying to find the error
Last login: Mon Feb 21 22:08:40 on ttys000
tomgoetz@MacBook-Pro-von-Tom ~ % brew services list
Name Status User File
httpd error 256 root ~/Library/LaunchAgents/homebrew.mxcl.httpd.plist
mysql started tomgoetz ~/Library/LaunchAgents/homebrew.mxcl.mysql.plist
[email protected] started tomgoetz ~/Library/LaunchAgents/[email protected]
tomgoetz@MacBook-Pro-von-Tom ~ % httpd -t
Syntax OK
tomgoetz@MacBook-Pro-von-Tom ~ % /usr/local/opt/httpd/bin/httpd -D FOREGROUND
(48)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
(48)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
no listening sockets available, shutting down
AH00015: Unable to open logs
tomgoetz@MacBook-Pro-von-Tom ~ %
Listed documents .zip