Apple’s macOS Server 5.x has a rather different Apache configuration compared to the core macOS setup or those used in previous versions of Server. In particular, an instance of Apache is used as a proxy to any ‘backend’ copies of Apache. Here’s how to work around this…
Problems with Proxy and Ports
Unfortunately, the new proxy setup has the proxy always listening (attached) to ports 80 & 443, even if the sites in Server GUI are disabled and the Web service is off. This is problematic if you want setup something outside of Server (e.g., FileMaker Server) that needs to attach to ports 80 or 443.
One option to avoid this conflict is to modify the proxy configuration to no longer listen on these ports. The configuration file for this can be found at:
/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf
Once you have the file open in an editor, make the following changes.
For each of these directives using port 443 or 80:
- use 9443 instead of 443
- use 8080 instead of 80
Directives that need to be changed are:
- Listen
- VirtualHost
- RequestHeader
I’ve done this often enough that I’ve finally come up with a full sed based shell script to make these changes:
#!/bin/bash
# 2017-07-12 simon_b: created script
# 2017-07-17 simon_b: fixed several patterns so that its safe if run more than once
# Stop for any errors.
set -e
PROXYCONF="/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf"
PROXYTMP="$PROXYCONF.tmp"
PROXYSAVE="$PROXYCONF.save"
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Save the current file. Will ask if ok to overwrite existing file if present.
echo
echo "Creating modified .tmp file"
# We really only want to replace once for each pattern, but sed is a bit awkward about that,
# so we do a targeted global replace.
# Changing the virtual host macros not required, but keeps things consistent.
# Fix LISTEN, VIRTUALHOST, and REQUESTHEADER statements.
sed -e 's/^listen 80$/listen 8080/' \
-e 's/^listen 443$/listen 9443/' \
-e 's/$//' \
-e 's///' \
-e 's/ServerName \$serverName:80$/ServerName $serverName:8080/' \
-e 's/RequestHeader set X-Forwarded-Port "80"$/RequestHeader set X-Forwarded-Port "8080"/' \
-e 's/$//' \
-e 's///' \
-e 's/ServerName \$serverName:443$/ServerName $serverName:9443/' \
-e 's/RequestHeader set X-Forwarded-Port "443"$/RequestHeader set X-Forwarded-Port "9443"/' \
"$PROXYCONF" >"$PROXYTMP"
echo "Moving original file aside"
mv $PROXYCONF $PROXYSAVE
echo "Swapping in modified file"
mv $PROXYTMP $PROXYCONF
echo
echo "The file" $PROXYCONF "was succesfully modified"
echo
# Show what was changed:
echo "DIFFERENCES"
echo "==========="
sdiff -l $PROXYSAVE $PROXYCONF | cat -n | grep -v -e '($'
echo
exit 0
A possible problem with this approach is that either later Server upgrades might blow out these changes, or the Server upgrade may stumble due to the non-standard configuration.
Another option may be to disable the proxy from starting in the first place. However, I haven’t yet tracked down what is instantiating this process, as it doesn’t use the more typical methods of doing this on Mac OS.
If you see a lot of messages like the ones below in your system.log, your changes either got overwritten or have errors:
Apr 30 09:54:48 myhostname com.apple.xpc.launchd[1] (com.apple.serviceproxy): Service only ran for 0 seconds. Pushing respawn out by 10 seconds. Apr 30 09:54:58 myhostname com.apple.xpc.launchd[1] (com.apple.serviceproxy[66610]): Service exited with abnormal code: 1
Simon