Category Archives: Mac OS X Server

pf & logging in 10.8 and 10.9

The pf firewall (see http://www.openbsd.org/faq/pf ) is an excellent tool and there are many reasons I prefer it to ipfw (which was the native/built-in option supplied in versions of Mac OS X prior to 10.7). It is not to be confused with the Application Firewall (see http://support.apple.com/en-us/HT201642).

The problem with pf in OS X is that logging is problematic – pretty much broken.
In an effort to remedy this situation, I went searching and found Charles Edge’s post here to be particularly helpful:
http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/

and just as much, the following post that he refers to:
http://ikawnoclast.com/security/mac-os-x-pf-firewall-avoiding-known-bad-guys/

The Emerging Threats ETOpen ruleset is a great discovery.

Now then: In order to achieve reliable logging for pf, I suggest using launchd with a LaunchDaemon plist as shown:

pflog.plist

The script that is called (by the above plist) is simply:
#!/bin/sh
/sbin/ifconfig pflog0 create
/usr/sbin/tcpdump -lnettti pflog0 | /usr/bin/logger -t pf -p local2.info

The flags/options chosen for tcpdump are the ones I found to result in the most useful information being logged, for my needs. Read the manpage and adjust as desired.
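One way to write the LaunchDaemon described above, as an added example rather than the author's own file: the function prints a minimal plist that starts the script at boot and restarts it if it exits. The label local.pflog and the script path /usr/local/sbin/pflog.sh are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: label local.pflog, script /usr/local/sbin/pflog.sh.

# emit_pflog_plist LABEL SCRIPT: print a LaunchDaemon plist that runs SCRIPT
# at load (boot) and restarts it whenever tcpdump or logger exits.
emit_pflog_plist() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$1</string>
    <key>ProgramArguments</key>
    <array>
        <string>$2</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
EOF
}

# Install steps, run as root on the server. The script runs as root, so
# neither it nor the plist may be writable by anyone but root.
#   emit_pflog_plist local.pflog /usr/local/sbin/pflog.sh \
#       > /Library/LaunchDaemons/local.pflog.plist
#   chown root:wheel /Library/LaunchDaemons/local.pflog.plist /usr/local/sbin/pflog.sh
#   chmod 644 /Library/LaunchDaemons/local.pflog.plist
#   chmod 755 /usr/local/sbin/pflog.sh
#   plutil -lint /Library/LaunchDaemons/local.pflog.plist
#   launchctl load -w /Library/LaunchDaemons/local.pflog.plist
```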

Also note that adding a firewall entry for pf via pfctl doesn’t appear to work. I suggest creating your own tables, configuring /etc/pf.conf appropriately (to refer to your custom tables; please DO leave any and all existing entries untouched), and then manually editing your custom table(s) (with due caution!), then using
sudo pfctl -f /etc/pf.conf

to invoke your changes.
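A sketch of that table workflow, as an added example that is not from the original post: the table name blocklist and the file /etc/pf.blocklist are assumptions. The function reduces a hand-edited candidate list to well-formed IPv4 addresses and CIDR blocks so that a typo cannot break the reload, and the comments show the pf.conf lines and a syntax check before loading.

```shell
#!/bin/sh
# Added example. Assumed names: table <blocklist>, file /etc/pf.blocklist.
#
# Lines appended to the END of /etc/pf.conf (existing entries untouched);
# the "log" keyword is what sends matching packets to pflog0:
#   table <blocklist> persist file "/etc/pf.blocklist"
#   block in log quick from <blocklist> to any

# clean_table_entries: read candidate entries on stdin and write only
# well-formed IPv4 addresses / CIDR blocks to stdout, sorted and unique.
# Comments (#...) and blank lines are dropped; rejects are reported on stderr.
clean_table_entries() {
    awk '
    {
        sub(/#.*/, "")                 # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")    # trim surrounding whitespace
        if ($0 == "") next
        n = split($0, part, "/")
        ok = (n <= 2)
        if (ok && n == 2) ok = (part[2] ~ /^[0-9]+$/ && part[2] + 0 <= 32)
        if (ok) {
            m = split(part[1], oct, ".")
            ok = (m == 4)
            for (i = 1; ok && i <= 4; i++)
                ok = (oct[i] ~ /^[0-9]+$/ && oct[i] + 0 <= 255)
        }
        if (ok) { print } else { print "rejected: " $0 > "/dev/stderr" }
    }' | sort -u
}

# Typical use (run as root on the server):
#   clean_table_entries < candidates.txt > /etc/pf.blocklist
#   pfctl -nf /etc/pf.conf      # -n: parse only, report syntax errors
#   pfctl -f /etc/pf.conf       # load the ruleset
#   pfctl -t blocklist -T show  # confirm the table contents
```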

How to install WordPress on Mountain Lion server, and migrate your WordPress setup from your old OS X Server install

Getting WordPress working on your Mountain Lion Server, or “This one goes to eleven”  😉

The first thing I’d like to make clear is that I’m not trying to tell you every last detail you’ll need to know. The scope of the instructions I do provide covers the key parts of the process, circumscribed by:
1) A working install of WordPress (and associated MySQL database) on an existing OS X Server,
and
2) An existing working install of 10.8 server and (working) website hosted on it.

If you have some background with OS X Server, and a modicum of experience (and comfort) working via the Terminal (“the command-line”), this isn’t particularly difficult at all. Rather, the process requires a number of very specific, correctly executed steps. It’s actually quite straightforward if you proceed with patience and precision, and in an orderly fashion.

You should have already successfully installed WordPress on an existing instance of Mac OS X (client or Server) and configured your MySQL database appropriately for your WordPress install.
As such, you do need to already be at least somewhat comfortable working in the command-line (via the Terminal).

And now you want to hear about someone else’s success (mine) getting a WordPress site running on Mac OS X 10.8 server.
In my case, I was migrating from 10.6.8 server.

There are eleven main steps in this process. Why didn’t I make it ten? Actually, it worked out that way as I was writing this post. I’ll take the opportunity to reference the much-loved (and oft-quoted by me) line from the film This is Spinal Tap, “These go to eleven“:

1. Backup of the WordPress files
2. Exporting your existing MySQL database for WordPress
3. Transfer the above files from your old server to your new one
4. Decompress and migrate the WordPress backup to the appropriate location on your new server
5. Install MySQL on your 10.8 server
6. Set up a new (empty) WordPress database in MySQL and restore your prior database backup (sql dump)
7. Download and install the latest stable version of WordPress
8. Configure your webserver & restore your WordPress config and content to the new WordPress install within your (web)site directory
9. Additional MySQL items
10. In Server.app, under Websites, click to “Enable PHP web applications”
11. Test and ensure that everything is working.

Postscript: Additional miscellany
Success !

Step One:
On your existing server, backup your WordPress installation. This is typically
going to be within your (web)site directory, in 10.6 Server this is
/Library/WebServer/Documents/<yoursite>
where <yoursite> is the name of the folder where your existing website files are housed.

cd /Library/WebServer/Documents/yoursite
sudo tar -czvf ~/WP_Content_backup_$(date +%Y%m%d).tar.gz <yourWordpressDirectory>

for example:
cd  /Library/WebServer/Documents/yoursite
sudo tar -czvf ~/WP_Content_backup_$(date +%Y%m%d).tar.gz wordpress

The above will put the backup (eg, WP_Content_backup_20121208.tar.gz) in your home directory,
which will be the home directory of the user you logged in as, via the Terminal.

Step Two:
Export your existing MySQL database for WordPress.
mysqldump --user=root --password=<pass-here> your_Wordpress_databasename | gzip -c > ~/WP_DB_backup_$(date +%Y%m%d).sql.gz
So in the case of my example, the resulting filename would be WP_DB_backup_20121208.sql.gz

Step Three:
Next you’ll want to migrate both of those backup items to your new server.
I used ssh to work with either server, and scp to copy the files.
You can read up on that if you need to, but as an example,
once you’ve connected to the Mountain Lion server via ssh, run the following:

scp username@oldhost:WP_Content_backup_20121208.tar.gz .
and
scp username@oldhost:WP_DB_backup_20121208.sql.gz .

“oldhost” could be the old server’s IP address or hostname.

Leave the WordPress DB backup for now.

Step Four
Decompress the wordpress content from your former server:

sudo tar -xzvf WP_Content_backup_20121208.tar.gz

Leave the resulting “wordpress” directory where it is for now.

Step 5
Install MySQL from mysql.org:

Download MySQL from http://www.mysql.com/downloads/mysql/

It should be the fourth listing there, “Mac OS X ver. 10.6 (x86, 64-bit), DMG Archive”
I do recommend that you also download the signature and verify your download with gpg.
That’s another topic entirely, but see http://support.gpgtools.org/kb/how-to/first-steps-where-do-i-start-where-do-i-begin
and https://www.gpgtools.org/installer/index.html

Always secure your mysql installation, which you can do with the command below,
which will also ask you to create a (MySQL) root password.
Make sure you record this securely, and please don’t confuse the MySQL root user with your/the
system “root” user.

cd /usr/local/mysql
bin/mysql_secure_installation

Step 6
Set up the MySQL DB for your WordPress installation:

Create an empty database for your WordPress database (db):

/usr/local/mysql/bin/mysql -u root -p

(Presuming that your database name is wordpress_db – when you’re at the mysql prompt):
create database wordpress_db;
grant all on wordpress_db.* to your_wordpress_username@localhost identified by 'password for your wordpress user here';

Do note that your wordpress username and password will need to be the same as they were originally,
in order to line up with your wordpress config (see the next item).

Restore your backed up WordPress MySQL database (decompress the dump first) via:
gunzip WP_DB_backup_<DATE>.sql.gz
mysql -u root -p -h localhost DATA-BASE-NAME < WP_DB_backup_<DATE>.sql
eg.
gunzip WP_DB_backup_20121208.sql.gz
mysql -u root -p -h localhost DATA-BASE-NAME < WP_DB_backup_20121208.sql

Step 7
Download and install the current version of WordPress:

Download from http://wordpress.org/download/
and see
http://codex.Wordpress.org/Installing_Wordpress#Famous_5-Minute_Install

Step 8
Configure your webserver & restore your WordPress config and content-directory within your (web)site directory:

After installing WordPress, restore wp-config.php from your decompressed directory of your old WordPress install, or edit the stock config at
/Library/Server/Web/Data/Sites/yoursitename/wordpress/wp-config.php
to match your database name and db username and password that you set up above. See http://codex.Wordpress.org/Installing_Wordpress#Famous_5-Minute_Install
Then restore your former WordPress content to the new WordPress installation:

cd ~
mv wordpress/wp-content /Library/Server/Web/Data/Sites/yoursitename/wordpress/

Step 9
Additional MySQL setup steps:

Ensure that your mysql socket config lines up with what PHP is expecting.
Namely, /var/mysql/mysql.sock
http://support.apple.com/kb/HT4844?viewlocale=en_US&locale=en_US

From the MySQL install, copy my-medium.cnf to /etc:
sudo cp <path to MySQL files>/support-files/my-medium.cnf /etc/my.cnf

If you’re not sure where the support-files are (or don’t seem to have them), you can download the tar.gz version of MySQL from http://dev.mysql.com/downloads/mysql/

Look for the first item listed there, “Mac OS X ver. 10.6 (x86, 64-bit), Compressed TAR Archive”

Edit /etc/my.cnf to change the socket location (I strongly suggest you use vim or even nano and not a GUI editor):

Look for
socket          = /tmp/mysql.sock

and change it to:

socket          = /var/mysql/mysql.sock

Change the ownership of the directory in question:

sudo chown -R _mysql /var/mysql

Restart MySQL:

sudo SystemStarter restart MySQL

Ensure that you can connect to MySQL as your wordpress database user:
/usr/local/mysql/bin/mysql -u <wordpress_db_user> -p

This is the user you configured originally for your MySQL wordpress database; when prompted, give the associated password for that user.
You should be presented with the mysql prompt:
mysql>

rather than any error message(s).

Exit mysql with:
quit
(and press return).

Step 10
Enabling PHP –
Simple enough: In Server.app, under Websites, click to “Enable PHP web applications”

Step 11
Test that everything is working.

That’s it !  🙂

Postscript – Additional miscellany:
If something isn’t working, check your logs. This is easy enough to do via the Console.app utility.
The most common cause of problems will be missing a step above, or incorrect permissions.
Both are easy to correct. Don’t panic, and get this working on a non-critical server first to ensure you’re
able to get it working.

If you run into an issue where your wordpress site appears to load but nothing actually appears,
verify the permissions for the wordpress directory in question,
and remove any extraneous ACLs if there are any.

I also recommend that you install some WordPress extensions to help protect your WordPress installation & server. Look into Login LockDown, Secure WordPress, and WordPress Firewall.
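Step Two passes the MySQL root password on the command line, where it ends up in shell history and is visible in the process list while the dump runs. An added example (not from the original post) of the same export reading the credentials from an owner-only option file instead; the function names, the MYSQLDUMP override and the file paths are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: write_mysql_optfile, dump_wordpress_db,
# the MYSQLDUMP override variable, and the option-file path.

# write_mysql_optfile FILE USER: read the password from stdin and write a
# [client] option file that only its owner can read. Passwords containing
# a double quote or backslash need escaping in the option file.
write_mysql_optfile() {
    optfile=$1 dbuser=$2
    IFS= read -r dbpass || [ -n "$dbpass" ] || return 1
    (
        umask 077                       # file is created -rw-------
        rm -f "$optfile"
        printf '[client]\nuser=%s\npassword="%s"\n' "$dbuser" "$dbpass" > "$optfile"
    )
}

# dump_wordpress_db FILE DBNAME OUTDIR: Step Two's export without the
# password in argv. --defaults-extra-file must be the first option.
# Prints the path of the compressed dump; fails if mysqldump fails.
dump_wordpress_db() {
    out="$3/WP_DB_backup_$(date +%Y%m%d).sql"
    "${MYSQLDUMP:-mysqldump}" --defaults-extra-file="$1" "$2" > "$out" ||
        { rm -f "$out"; return 1; }
    gzip -f "$out" && echo "$out.gz"
}

# Typical use on the old server (password typed at the prompt, not echoed):
#   stty -echo; write_mysql_optfile ~/.wp_backup.cnf root; stty echo
#   MYSQLDUMP=/usr/local/mysql/bin/mysqldump \
#       dump_wordpress_db ~/.wp_backup.cnf your_Wordpress_databasename ~
#   rm -f ~/.wp_backup.cnf
```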

Can’t authenticate as directory admin after an upgrade install of Mac OS X Server

I generally recommend migrating (backing up settings & data) with a clean install and re-integrating data (although not OD data where possible), when moving from any one major version (of really any OS) to another.

First, please read the following Apple article:

http://support.apple.com/kb/HT1194

Now let’s ensure that you’re using the Apple article as intended. In the Terminal on your server (or logged in via ssh):

sudo mkpassdb -dump | grep diradmin

where your OD admin account shortname is indeed diradmin

The above command will probably come back with

slot 0001: 0x00000000000000000000000000000001

If not, then note the difference, specifically the long string (0x … etc.).
Then issue – adjusting to match your slot ID if it differs:

sudo mkpassdb -setpassword 0x00000000000000000000000000000001

If it’s been more than 5 minutes (by default), do keep in mind that the first password you’re asked for will be to authenticate as the local admin for use of “sudo”