PROGRAMMING/BIOINFORMATICS: Part III of a outline guide to setting a Mac OS X machine up for a web server database using Mac OS X 10.6.x, MySQL and Perl.
Originally intended as one long document, I have broken this into several parts. These instructions do not consider Mac OS X Server, which has a slightly different setup for MySQL. Part I covers installing MySQL. Part II covers installing the Perl modules to communicate with MySQL, setting up the first (empty) database and where to place your WWW files and scripts.
I’m not going to get into the details of tweaking config files and whatnot – the aim here is to offer a basic recipe that should work for most people without too much extraneous fluff which confuse a first-time installs. It’s a prescriptive outline rather than an detailed explanation.
I’m going to assume installing it on a client’s machine, i.e. you’ve no idea what it’s set up with.
This section is a little geeky and may not be needed by many users. I’m including it as it gives a little insight in to controlling access to files and directories by editing the Apache config files. If you are going to develop web services you should at some point get to grips with configuring the server yourself.
Before providing users access to your web server, you might want to configure the access in ways that suit your purpose. This involves editing the Apache configuration files.
This gives you finer control of access and effectively provides a second layer of control after the firewall access controls (these are described below).
The main directories to store web service files in Mac OS X are in /Library/WebServer. There are two sub-directories there: CGI-Executables and Documents for webCGIs and pages, respectively. (Share is for file hosting, e.g. FTP.)
To block access to the web server from outside, and to allow access to personal account CGIs, you want to edit the apache config files.
Edit /private/etc/apache2/httpd.conf to block all access to the main web directory. These config files are structured in HTML-like blocks. The first of the two shown below is likely to already be as shown. This defaults to blocking access to everyone; later in the config file access to particular directories is allowed.
Deny from all
# Controls who can get stuff from this server.
#Allow from all
Deny from all
(The ellipses indicate lines that have been skipped.)
If you don’t want to use the ‘global’ web sharing directory, you can disable access to it as I have shown in the second section above by commenting out two lines by prefixing them with the hash (#) character, with their replacements below.
You might do this, for example, if you only want to host web services from the user’s Sites directories.
To provide access to scripts in the personal web directory, /Users/username/Sites, accessed via http://localhost/~username/ you want to edit /private/etc/apache2/users/username.conf (replace username with a suitable username).
Here’s one example:
Options Indexes MultiViews SymLinksIfOwnerMatch ExecCGI
AddHandler cgi-script .cgi .pl
Allow from localhost
Breaking these down quickly:
- Indexes, allow directory listings.
- MultiViews, allow the server to look for files with the same prefix but different extensions if the file requested is not present (e.g. if asked for index.html but not found, allow server to search for index.htm) [For what it’s worth, in general I don’t usually use this option, to ensure misnamed files in scripts throw up an error rather than a not easily unanticipated action.]
- SymLinks, symbol links can be followed if allowed, in this case only if the file owner of the symbolic link is the same as the file pointed to. This allow access to files outside the web directory. In general this should be done cautiously and probably avoided unless you really have a need for it.
- ExecCGI, allow executable scripts to be run from the directory; in the absence of this all files are treated as plain text files.
- AllowOverride, informs the server what directives are allowed in any local .htaccess file (specifying configuration settings in a similar manner to the configuration files above, but extending/overriding those of the main configuration files). None forbids any directives; to enable this offer directives in place of ‘None’ (.e.g FileType). [In general, I prefer to use the main configuration files.]
- AddHandler cgi-script, specify what filename extensions are to be recognised by the web server as an executable file in this directory.
- Order, the order permissions are processed.
- Allow, specify domains, etc., that can access the server. In the example only localhost, the standard name for the current machine, is allowed access to the web server.
In particular, you’ll need the ExecCGI option set, and the handler for CGI to recognise the file types. I’ve explicitly restricted access to localhost as a simple security measure; the firewall settings, below, add to this.
Other options are available and explained in the excellent Apache documentation.
Finally the default location for the error log–set in /private/etc/apache2/httpd.conf–for 10.6 is in /private/var/log/apache2/error_log You’ll find this web server log useful for debugging some types of bugs.
Turning the web server (Apache) on and off
By default Apple’s web server (an installation of Apache) is switched off. To turn it on, Access the System Preference Pane ‘Sharing’ (under ‘Internet and Wireless’) and activate ‘web sharing’, which is Apple’s equivalent to starting and restarting the web server.
(If the pane is locked–see lock icon at bottom left–you may need to unlock it to make changes. If you are asked for a password, it is the administrator password for the computer.)
You should now be able to access the web service.
If you see instead a message to the effect that web sharing is blocked by the firewall, like this:
you’ll be able to access the web service locally, i.e. on the machine itself, but not from other machines. I personally use this while developing a service.
This can be controlled by the Firewall preference pane.
Choose the Security Preference pane (under ‘Personal’). You’ll see three pane to choose from: General, FileVault and Firewall. Choose Firewall.
To block all other computers from access to all but a small number of services that Apple considers essential, turn the firewall on. (You may need to unlock the pane by clicking on the lock icon in the lower left and entering your administrator password before you can make changes.)
To allow other computers to access the web service, you’ll need to tell the firewall that access to internet services from outside the machine is OK.
Click on the ‘Advanced’ button to the lower right of the Firewall preference pane.
You have two options here: allow access to all services, or allows access to only selected services (what I suggest). Here’s what you see with block all incoming services checked, then unchecked with web sharing activated:
If you want more control over firewall settings try downloading a GUI interface to the Unix ipfw command or learn how to use the Unix ipfw command itself. (ipfw = internet protocol firewall.) Two free examples of ipfw GUI applications are NoobProof (for novices) and WaterRoof (for geeks and a larger download). In particular NoobProof provides a wizard that will take you through setting up the obvious things step-by-step. (There is also a SuperNoob mode, but if you’re coding Perl for web server, you really ought not to be needing that.)
These or other GUI applications that access ipfw will save you burrowing through the Unix man notes.
This concludes my outline description of setting up a Mac OS X 10.6.x machine for MySQL for access via Perl scripts. These notes are obviously only a sketch outline, but I hope that they are of some use to those installing these for the first time – my target audience. If any readers have a burning desire for more information pitched at this level, let me know.
 If you do, I’d take that as a hint you need to do more homework first.
Other articles on Code for Life: