Tuesday, December 4, 2007

A great PHP Hit counter

Everyone who runs a site likes to know about who is visiting it - to better cater the site to those users, and just for curiosity. Until recently I had been using a very basic PHP script to count the hits to my site. It simply incremented a number in a text file whenever the index page was loaded.

Then I found PHPCounter - it's an excellent script that takes about a minute to install (unzip, chmod a few files), but is very powerful. It breaks down the statistics chronologically, by page visited or unique visitors for example, and displays the information as a web page for you. You can even have it ignore pageviews generated by your own activity by adding to the ignoreip.txt file.

Best of all, it's written in PHP, so I've managed to avoid the evil javascript for another day.

Monday, November 12, 2007

Leopard Uses Apache 2

Those upgrading from Tiger to Leopard will notice that the webserver has been upgraded to Apache 2 - 2.2.6 to be exact. For my simple server, I don't notice any difference, but a list of changes can be found here. The default PHP version included is 5.2.4.

One thing you will notice is that the configuration files have been moved from their previous home at /etc/httpd, to /etc/apache2. Listing the contents of that directory reveals that the files are organized slightly differently:

drwxr-xr-x 14 root wheel 476 4 Nov 01:36 extra
-rw-r--r-- 1 root wheel 17642 4 Nov 01:36 httpd.conf
-rw-r--r-- 1 root wheel 12958 23 Sep 21:11 magic
-rw-r--r-- 1 root wheel 28782 23 Sep 21:11 mime.types
drwxr-xr-x 4 root wheel 136 23 Sep 21:11 original
drwxr-xr-x 5 root wheel 170 4 Nov 01:44 other
drwxr-xr-x 2 root wheel 68 23 Sep 21:12 users

The familiar httpd.conf is still there, and serves essentially the same function. The various functions that are included in the httpd.conf file, however, such as php and virtual hosts, have been separated into the various directories and referenced with Include lines.

Changing the Defaults
Delving into httpd.conf, the ServerAdmin line can be changed to a valid email address, and you may want to change the DocumentRoot line from "/Library/WebServer/Documents", depending on how you organize your server. If you do change it, be sure to change the Directory "/Library/WebServer/Documents" line to the same directory.

I also like to change the DefaultType line to DefaultType application/octet-stream, so that any unknown mime types will be downloaded by the user, instead of output as a stream of garbage characters.

Virtual Hosts
I uncommented the virtual hosts line, since I use them, to read Include /private/etc/apache2/extra/httpd-vhosts.conf.

The extra/httpd-vhosts.conf file should include the virtual host info you would previously have put in httpd.conf, which for me includes NameVirtualHost *, and a series of VirtualHost definitions.

You may have noted the following line down at the bottom of the httpd.conf file - Include /private/etc/apache2/other/*.conf, meaning that any conf file in the 'other' directory will be parsed, including other/php5.conf. However, one must uncomment this line in httpd.conf to activate php functionality:
LoadModule php5_module libexec/apache2/libphp5.so

Finally I change the line in other/php5.conf to read AddType application/x-httpd-php .php .html, so that I can name my php files with regular .html extensions.

Wednesday, November 7, 2007

Get DNSUpdate working on Leopard

If you're running a web server from home, ZoneEdit has some great, free options for managing your dns, like an unlimited number of forwarded email addresses. The one dynamic dns client I've found that updates ZoneEdit of my latest IP address is DNSUpdate. Unfortunately, the latest version (2.8 as of this writing) fails to launch at login after updating to Leopard on my system.

According to the console, launchd is ignoring the daemon that's in place because the permissions are suspicious. If the daemon never launches, my IP address doesn't get updated, and the web site is useless when my IP changes.

The fix is easy, and just involves changing the ownership of the daemon to root, so that launchd isn't suspicious anymore. First, use

cd /Library/LaunchDaemons/
then use
sudo chown root:wheel org.dnsupdate.daemon.plist

On the next restart, the DNSUpdate daemon should start right up, and work as normal.

PureFTPd Manager Replacement Under Leopard

PureFTPd Manager no longer works after upgrading Mac OS X to version 10.5 (Leopard). What to do, for those of us who want FTP access to our machines using SSL/TLS login encryption?

Location of pure-ftpd files
Although the GUI for the manager doesn't start up, the pure-ftpd application is still operational under Leopard. In other words, the server will still work, we just don't have the nice interface.

The application itself should still be located at /usr/local/sbin/pure-ftpd, with man files at /usr/local/man/man8/pure-ftpd.8. The associated files, including the self-signed certificate, should still be located under the /private/etc/pure-ftpd/ directory. If you don't have them on your machine because you did a clean erase-and-install, migrating the files from your backup should do the trick. All the files should be owned by root:wheel.

Firewall Issues
Make sure that the Mac OS X FTP server is turned off under the Sharing system preferences. I dislike the interface of the Leopard firewall, and I couldn't get it to punch the right holes for pure-ftpd. If you have an external hardware firewall, you may just want to allow all connections under the Security / Firewall system preference. To properly configure the Mac OS X firewall, I recommend WaterRoof.

Server Startup
Now it's just a matter of starting up the server. It can be started in principle using
sudo /usr/local/sbin/pure-ftpd
in the terminal. However, to have any semblance of the server running as it was using the PureFTPd Manager, some options are necessary. A full list of options is available from the official site here.

To avoid having to keep the Terminal application open, run it in the background using -B. To allow only TLS encrypted connections, use -Y 2. I use
sudo /usr/local/sbin/pure-ftpd -a 0 -B -c 5 -E -k 95 -p 50000:50010 -Y 2

which should read as all one line, of course. The other options restrict all users except root to their home directories (-a 0), allow a maximum of 5 connections total (-c 5), disable anonymous logins (-E), disable uploads if the hard drive is 95% full (-k 95) and allow passive connections to the port range 50000-50010 (-p 50000:50010).

After entering the command with your options, the FTP server should be accessible exactly as it was under your previous system.