Web Server (apache) and DNS (bind) setup on a MacMini using Homebrew

Online references:

This table lists the commands for setting up Apache via brew, following https://getgrav.org/blog/macos-mojave-apache-multiple-php-versions.
The previous Apple server needs to be completely uninstalled and out of the window!

cmd    comment

Xcode
S install Xcode
S xcode-select --install    Apple's command line tools need to be installed

BREW
S ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
T brew --version
S brew update
S brew upgrade
S brew doctor
O sudo chown -R "$USER":admin /usr/local
sudo chown -R "$USER":admin /Library/Caches/Homebrew

S brew install openldap libiconv

APACHE
S sudo apachectl stop
S sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist 2>/dev/null
S brew install httpd

O sudo brew services start httpd

T ps -aef | grep httpd

O sudo brew services restart httpd

T tail -f /usr/local/var/log/httpd/error_log

O sudo apachectl stop
O sudo apachectl -k restart
T apachectl -S    to get setup paths
T apachectl configtest    test
S bbedit /usr/local/etc/httpd/httpd.conf

S HTTPD edits including vhosts:
  1. Listen 8080 => Listen 80
  2. enable ==> LoadModule deflate_module lib/httpd/modules/mod_deflate.so
  3. enable ==> LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
  4. enable ==> LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
  5. ServerAdmin admin@domain.net
  6. #ServerName www.example.com:8080 ==> ServerName localhost:80
  7. enable ==> Include /usr/local/etc/httpd/extra/httpd-autoindex.conf
  8. enable ==> Include /usr/local/etc/httpd/extra/httpd-vhosts.conf
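
A quick way to confirm the edits above were applied before restarting httpd. This is an added example, not part of the original page; the function names (need, audit_httpd_conf, make_sample_conf) and the sample file content are constructed for illustration. ServerAdmin is not checked because its value is site-specific.

```sh
#!/bin/sh
# Added example (not from the original page): verify the httpd.conf edits
# listed above were applied. Commented-out lines never match, because every
# pattern is anchored to the directive at the start of the line.

# need FILE LABEL REGEX: print LABEL and fail when no active line matches.
need() {
    grep -Eq "^[[:space:]]*$3" "$1" && return 0
    echo "missing: $2"
    return 1
}

# audit_httpd_conf FILE: returns the number of edits still missing.
audit_httpd_conf() {
    conf=$1; missing=0
    need "$conf" "Listen 80" 'Listen[[:space:]]+80[[:space:]]*$' || missing=$((missing + 1))
    for m in deflate rewrite vhost_alias; do
        need "$conf" "LoadModule ${m}_module" \
            "LoadModule[[:space:]]+${m}_module[[:space:]]" || missing=$((missing + 1))
    done
    need "$conf" "ServerName localhost:80" \
        'ServerName[[:space:]]+localhost:80[[:space:]]*$' || missing=$((missing + 1))
    for f in httpd-autoindex httpd-vhosts; do
        need "$conf" "Include extra/$f.conf" \
            "Include[[:space:]]+/usr/local/etc/httpd/extra/$f\\.conf" || missing=$((missing + 1))
    done
    return "$missing"
}

# Constructed sample: a half-edited httpd.conf (hypothetical content).
make_sample_conf() {
    cat > "$1" <<'EOF'
Listen 80
LoadModule deflate_module lib/httpd/modules/mod_deflate.so
#LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
ServerAdmin admin@domain.net
#ServerName www.example.com:8080
Include /usr/local/etc/httpd/extra/httpd-autoindex.conf
#Include /usr/local/etc/httpd/extra/httpd-vhosts.conf
EOF
}

sample="${TMPDIR:-/tmp}/httpd-audit-sample.$$"
make_sample_conf "$sample"
audit_httpd_conf "$sample" || echo "$? edit(s) still missing"
rm -f "$sample"
```

On the real file, run audit_httpd_conf /usr/local/etc/httpd/httpd.conf and follow it with apachectl configtest.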


vhosts

edit: /usr/local/etc/httpd/extra/httpd-vhosts.conf

Include a catch-all virtual host with its directory, and one for each vhost:
<VirtualHost *:80>
    DocumentRoot "/usr/local/var/www"
    ServerName catch.delaat.net
</VirtualHost>
<Directory "/usr/local/var/www">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:80>
    DocumentRoot "/Users/delaat/Sites"
    ServerName delaat.net
    ServerAlias alias.delaat.net
</VirtualHost>
<Directory "/Users/delaat/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

DocumentRoot "/usr/local/var/www" ==> DocumentRoot "/Users/delaat/Sites"
Directory "/usr/local/var/www" ==> Directory "/Users/delaat/Sites"


php
S brew install php    DOES NOT WORK BECAUSE OF mod_mpm_event.so

To enable PHP in Apache add the following to httpd.conf and restart Apache:
    LoadModule php7_module /usr/local/opt/php/lib/httpd/modules/libphp7.so

    <FilesMatch \.php$>
        SetHandler application/x-httpd-php
    </FilesMatch>

Finally, check DirectoryIndex includes index.php
    DirectoryIndex index.php index.html

The php.ini and php-fpm.ini file can be found in:
    /usr/local/etc/php/7.3/

To have launchd start php now and restart at login:
  brew services start php
Or, if you don't want/need a background service you can just run:
  php-fpm


certbot

sudo install -d -o $(whoami) -g admin /usr/local/Frameworks

brew install certbot

HTTPD edits: Uncomment:
  • LoadModule ssl_module modules/mod_ssl.so
  • LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

add at the end:

<IfModule mod_ssl.c>
   Listen 443
</IfModule>
Include /usr/local/etc/httpd/extra/httpd-vhosts-le-ssl.conf

create if needed httpd-vhosts-le-ssl.conf

<VirtualHost *:443>
    DocumentRoot "/Users/XXXX/Sites"
    ServerName delaat.net
    ServerAlias ipv4.delaat.net ipv6.delaat.net
    ServerAlias www.delaat.net
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/XXXXXXX/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/XXXXXXX/privkey.pem
</VirtualHost>

and in httpd-vhosts.conf e.g.:

<VirtualHost *:80>
    DocumentRoot "/Users/delaat/Sites"
    ServerName delaat.net
    ServerAlias ipv4.delaat.net ipv6.delaat.net
    ServerAlias www.delaat.net
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =ipv4.delaat.net [OR]
    RewriteCond %{SERVER_NAME} =delaat.net [OR]
    RewriteCond %{SERVER_NAME} =www.delaat.net [OR]
    RewriteCond %{SERVER_NAME} =ipv6.delaat.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


S sudo certbot --apache
or
sudo certbot --apache --staging
and after successful testing:
sudo certbot --apache --force-renewal

O sudo certbot renew --dry-run
O sudo certbot renew    for production
O sudo certbot certificates
S 0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

OR:

 /Library/LaunchDaemons/com.certbot.renew.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.certbot.renew</string>
    <key>ProgramArguments</key>
    <array>
        <!-- launchd does not search /usr/local/bin, so use the full Homebrew path -->
        <string>/usr/local/bin/certbot</string>
        <string>renew</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>14</integer>
        <key>Minute</key>
        <integer>56</integer>
    </dict>
    <key>StandardOutPath</key>
    <string>/usr/local/var/log/certbot.renew.log</string>
    <key>StandardErrorPath</key>
    <string>/usr/local/var/log/certbot.renew.log</string>
</dict>
</plist>

sudo chown root:wheel /Library/LaunchDaemons/com.certbot.renew.plist
sudo launchctl load -w /Library/LaunchDaemons/com.certbot.renew.plist
sudo launchctl list | grep cert

S HTTPD edits to enable http2
  1. disable ===> #LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so
  2. enable ===> LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
  3. enable ===> LoadModule http2_module lib/httpd/modules/mod_http2.so
  4. add ===> Protocols h2 h2c http/1.1


BIND

S brew install bind
O sudo brew services start bind
O sudo brew services restart bind
O sudo brew services stop bind
S /usr/local/etc/named.conf
S /usr/local/var/named/
T host -t ns delaat.net
How this page is made (author Cees de Laat):
bluegriffon