The MacPorts.info Tutorial

Transform a Mac into an Open-Source Server

Macports.info Tutorial Overview

MacPorts provides an infrastructure for building, installing, and packaging open source software. It is designed to match the functionality of the FreeBSD Ports system and to be extensible for future enhancements.
- from the MacPorts Installer Read Me file

There are numerous good tutorials on how to enable a fresh Mac OS X installation as a DAMP (Darwin/Apache/MySQL/PHP) server (e.g. O'Reilly runs MacDevCenter.com, which has a wealth of excellent Mac information, including tutorials on DAMP). After all, Mac OS X (10.4) comes with the open-source Apache (1.X), MySQL (version 4.1.14) and PHP (4.X) already installed. They just need to be configured and activated.

The problem with enabling the built-in open-source environment on Mac OS X is that it is not up-to-date, and inevitably one updates a module (say php 5 instead of the default php4 for example), or installs other custom open-source software, only to find on the next Mac OS X Important Security Update that the environment has been compromised - either downgraded, obliterated or otherwise fatally modified.

Fortunately there are solutions. The first of these to be offered was the Fink environment, which installs a complete DAMP environment in its own root directory (/sw/). Apple promises to leave this directory alone with all system software updates, and Fink promises to keep that directory up to date. The drawback with Fink is that it has very few packages available, and the user tends to find a need to either create a package of their own, or install from source code - not a welcome idea when there are so many excellent DAMP packages out there.

The solution preferred and promoted by this website is MacPorts. Apple very wisely based Mac OS X on FreeBSD, which has its own Ports package management system claiming some 17,576 packages available. MacPorts is the migration of FreeBSD Ports to Mac OS X. You will find (nearly) all the packages you need are available, and installation and maintenance of a comprehensive up-to-date DAMP environment is now feasible.

This is a tutorial that guides you through the installation of MacPorts, and its use to install and configure the open-source packages that change the Mac into an industrial-strength open-source server. It is organized so that you can follow through the tutorial with the menu items at left.

MacPorts Installation

MacPorts is installed with a disk image containing a Universal binary for Mac OS X 10.4.x and requires valid TCL, curl and OpenSSL installations to function - all present by default on Mac OS X. Also required is the installation of Apple's Xcode programming suite, available as a separate installation from your OS X CDs or DVD, or preferably the latest version from Apple's Developer site: http://developer.apple.com/tools/xcode/.

If you are not running Mac OS X 10.4 or Apple's Xcode programming suite, refer to the Mac OS-X instructions in the menu at left.

To proceed with downloading and installing MacPorts itself, refer to the MacPorts instructions in the menu at left.

For those of you who prefer a GUI over the command line, Porticus is a Cocoa GUI for the MacPorts package manager. Please refer to the Porticus instructions in the menu at left.

Webmin

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, MySQL, Postfix, BIND (DNS), file sharing and much more. It is absolutely essential for anyone who prefers a GUI interface rather than a command line.

Webmin is the must-have GUI environment for Mac OS X open-source system administration. I have suggested that it be the first MacPorts installation, as many of the MacPorts installations can be later configured to be managed in Webmin. Comprehensive documentation for Webmin is freely available online, including The Book of Webmin.

Webmin is written entirely in PERL, so you are encouraged to install an up-to-date MacPorts PERL environment before installing Webmin. To install PERL, just execute the following from a command line (you may be required to enter a Mac OS X administrative password):

sudo port install perl5.8

After this PERL installation, the /opt/local/bin directory has perl and perl5.8.8, compared to the default Mac OS X /usr/bin directory with perl and perl5.8.6. A log of the PERL installation can be found here.

Before installing Webmin, it is also good to install ssleay as support for SSL. This can be done by executing the following from a command line (you may be required to enter a Mac OS X administrative password again):

sudo port install p5-net-ssleay

A log of the SSLeay installation can be found here.

To install Webmin, first download the latest tar.gz package using a browser from http://webmin.com/download.html. You can then double-click on the tar.gz file to expand the file into a Webmin directory. Alternatively, you can do the download and installation entirely from the command line:

cd /
curl -O http://easynews.dl.sourceforge.net/sourceforge/webadmin/webmin-1.470.tar.gz
gnutar zxf webmin-1.470.tar.gz

Regardless of browser or command line, you will then need to run the install shell script from the command line:

cd webmin-1.470
sudo ./setup.sh /opt/local/webmin
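
Because setup.sh runs as root and the archive above is fetched over plain HTTP, it is worth checking the download against a published digest before extracting it. The following is an added example, not part of the original tutorial or of Webmin; it assumes you have obtained a SHA-256 digest for the file from a trusted channel, and the function names are made up for illustration.

```shell
# Added example: verify a downloaded archive against a SHA-256 digest
# obtained from a trusted channel, before extracting or running anything.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_archive FILE EXPECTED_HEX -> returns 0 only on an exact match,
# 1 on a mismatch, 2 when the file or the digest itself is unusable
verify_archive() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex digits (empty, truncated,
    # or an unfilled placeholder) instead of comparing against it.
    case $expected in
        *[!0-9a-f]*|'') echo "bad digest format" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file (got $actual)" >&2
        return 1
    fi
}

# Usage with the tutorial's file name; EXPECTED is a placeholder that you
# fill in from the publisher's site:
#   verify_archive webmin-1.470.tar.gz "$EXPECTED" \
#     && gnutar zxf webmin-1.470.tar.gz \
#     && (cd webmin-1.470 && sudo ./setup.sh /opt/local/webmin)
```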

Running setup.sh starts a shell script which installs Webmin using a number of default responses. We want to change many of those default responses so that Webmin is installed in the MacPorts opt directory. The following is a transcript of the installation shell script, with the required responses:

DAMP Installation

You can now use MacPorts to install the latest packages of Apache, MySQL and PHP. You can follow the MacPorts Installation tutorial, if MacPorts is not yet installed.

A powerful feature of MacPorts is that you can install packages together, and the various dependencies will be figured out for you. So to install Apache version 2, MySQL version 5 and PHP version 5, enter the following at the command line (as it is a sudo command, you may be asked to enter your administrative password):

sudo port install php5 +apache2 +mysql5

This will take a while to download and run through everything. As an example, it takes approximately 1.75 hours on a 1.66 GHz Intel Core Duo Mac Mini.

Please refer to the sub-menu pages on the left for Apache, MySQL and PHP, for information on how to configure these applications in the MacPorts opt directory.

A log of the Apache/MySQL/PHP (DAMP) installation can be found here.

BIND

BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization’s naming architecture can be built.
- BIND Website

To install the MacPorts BIND (DNS) package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install bind9

Mac OS X 10.5 (Leopard) includes BIND version 9.4.1. The Mac OS X 10.4 (Tiger) default installation includes BIND DNS Server version 9.3.4. MacPorts will install version 9.4.2 of BIND.

Before you configure the BIND installation you just completed, first install and configure Webmin (see menu at left). Log in to Webmin on your server once it is up, and go to the BIND DNS Server under the Servers menu. Click the Module Config link, and set the following configurable options:

Full path to the named.conf file: /opt/local/etc/named.conf
Full path to the named executable: /opt/local/sbin/named
Full path to the rndc.conf file: /opt/local/etc/rndc.conf

Note that if you set the Full path to the rndc.conf file, you will probably also want to set the Setup RNDC Global Server Option in BIND as well. This will let you refresh individual zones without needing to do a full BIND restart.

A log of the BIND DNS installation can be found here.

Now you can click on the Start BIND Nameserver button in Webmin and add zone files.

Chapter 8 of the Book of Webmin is a great online guide for managing the BIND DNS Server with Webmin.

Postfix

Postfix attempts to be fast, easy to administer, and secure mailer while at the same time being sendmail compatible enough to not upset existing users.
- Postfix Website

Installation

The Mac OS X 10.4 default installation includes Postfix version 2.1.5. MacPorts will install version 2.3.8 of Postfix.

To install the MacPorts Postfix package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install postfix

Configuration

To configure the installed Postfix, we need to create configuration files in /opt/local/etc/postfix by entering the following at the command line:

cd /opt/local/etc/postfix
sudo cp main.cf.sample main.cf
sudo cp master.cf.sample master.cf

Before you continue with the Postfix configuration, first install and configure Webmin (see menu at left). Log in to Webmin on your server once it is up, and go to Postfix under the Servers menu. Click the Module Config link, and set the following configurable options:

Full path to Postfix control command:
/opt/local/sbin/postfix

Full path to Postfix config command:
/opt/local/sbin/postconf

Full path to Postfix config file:
/opt/local/etc/postfix/main.cf

Full path to Postfix master.cf file:
/opt/local/etc/postfix/master.cf

Full path to Postfix aliases generation command:
/opt/local/sbin/postalias

Full path to “newaliases” (Sendmail compatibility) command:
/usr/bin/newaliases -> ?

Full path to Postfix lookup table command management ('postmap'):
/opt/local/sbin/postmap

Full path to Postfix queue management command ('postqueue'):
/opt/local/sbin/postqueue

Full path to Postfix supervisor command:
/opt/local/sbin/postsuper

Mail queue base directory:
/opt/local/var/spool/postfix

Mail queue display command:
/opt/local/bin/mailq

Mail queue decoding command:
/opt/local/sbin/postcat

Save Configuration -> it is now Postfix 2.3.8

A log of the Postfix installation can be found here.

Documentation

Chapter 10 of the Book of Webmin is a great online guide for managing Postfix with Webmin. Other online resources include Postfix Basic Configuration and Virtual Hosting email with Postfix.

Check out Postfix-Tutorial.com for a comprehensive tutorial on the installation of a database-driven Postfix, with Spamassassin, Courier and SASL.

Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL.
- Squid Website

Mac OS X 10.4 does not come with Squid pre-installed. To install version 2.6 of the MacPorts Squid Proxy Server package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install squid

Before you configure Squid, first install and configure Webmin (see menu at left). Log in to Webmin on your server once it is up, and go to Squid Proxy Server under the Servers menu. Click the Module Config link, and set the following configurable options:

Full path to squid config file:
/opt/local/etc/squid/squid.conf

Squid executable:
/opt/local/sbin/squid

Full path to PID file:
/opt/local/var/squid/logs/squid.pid

Full path to squid cache directory:
/opt/local/var/squid/cache

Squid cachemgr.cgi executable:
/opt/local/libexec/cachemgr.cgi

Full path to squid log directory:
/opt/local/var/squid/logs

Path to squidclient program:
/opt/local/bin/squidclient

Your Squid cache directory /opt/local/var/squid/cache has not been initialized. This must be done before Squid can be run.

Initializing the Squid cache with the command /opt/local/sbin/squid -f /opt/local/etc/squid/squid.conf -z ..
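
The Module Config paths listed for BIND, Postfix and Squid are typed by hand and then used by Webmin as root, so a missing leading slash or a path outside the MacPorts prefix is easy to miss. The following added example (not from the original tutorial or from Webmin) checks a list of such paths; the kind|path input format and the function names are assumptions made for this example.

```shell
# Added example: check paths before entering them in Webmin's Module Config.
# Input lines are "kind|path", where kind is exec, file or dir (a format
# made up for this example).

# check_path PREFIX KIND TARGET -> prints one verdict line, returns 0 if OK
check_path() {
    prefix=$1 kind=$2 target=$3
    case $target in
        */../*|*/..) echo "FAIL dot-dot $target"; return 1 ;;
        /*) ;;
        *) echo "FAIL not-absolute $target"; return 1 ;;
    esac
    case $target in
        "$prefix"/*) ;;
        *) echo "FAIL outside-prefix $target"; return 1 ;;
    esac
    case $kind in
        exec) [ -f "$target" ] && [ -x "$target" ] ||
                  { echo "FAIL not-executable $target"; return 1; } ;;
        file) [ -f "$target" ] || { echo "FAIL missing-file $target"; return 1; } ;;
        dir)  [ -d "$target" ] || { echo "FAIL missing-dir $target"; return 1; } ;;
        *)    echo "FAIL unknown-kind $kind"; return 1 ;;
    esac
    # Webmin runs these as root, so no other user may be able to rewrite them.
    # -L tests the file a symlink points to rather than the link itself.
    if [ -n "$(find -L "$target" -prune -perm -0002 -print)" ]; then
        echo "FAIL world-writable $target"; return 1
    fi
    echo "OK $target"
}

# audit_paths PREFIX < list -> prints verdicts, returns the failure count
audit_paths() {
    failures=0
    while IFS='|' read -r kind target; do
        [ -n "$kind" ] || continue
        check_path "$1" "$kind" "$target" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage with paths from the Squid list above:
#   audit_paths /opt/local <<'EOF'
#   exec|/opt/local/sbin/squid
#   file|/opt/local/etc/squid/squid.conf
#   dir|/opt/local/var/squid/cache
#   EOF
```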

A log of the Squid installation can be found here.

Chapter 12 of the Book of Webmin is a great online guide for managing Squid with Webmin.

Subversion

Subversion, or SVN, is a version control system that is a compelling replacement for CVS (Concurrent Versions System) in the open source community. The software is released under an Apache/BSD-style open source license.
- Subversion Website

To install the Subversion (SVN) package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install subversion +mod_dav_svn

A log of the Subversion (SVN) installation can be found here.

Trac

Trac is a web-based software project management and bug/issue tracking system. It provides an interface to Subversion and an integrated wiki.
- Trac Website

To install the Trac package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install trac

A log of the Trac installation can be found here.

lighttpd

LightTPD is rapidly redefining efficiency of a webserver; as it is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) LightTPD is the perfect solution for every server that is suffering load problems. LightTPD is Open Source licensed under the revised BSD license.
- LightTPD Website

To install the LightTPD package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install lighttpd

A log of the LightTPD installation can be found here.

phpMyAdmin

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields.
- phpMyAdmin Website

To install the phpMyAdmin package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install phpmyadmin

A log of the phpMyAdmin installation can be found here.

Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
- Snort Website

To install the Snort package, execute the following from the command line (you may have to enter a Mac OS X administrative password):

sudo port install ruby
sudo port install rb-rubygems
sudo port install rb-termios
sudo port install rb-mysql

A log of the Snort installation can be found here.
