Colin Hunter

Update Apache while retaining FMS custom web publishing

4 posts in this topic

I'm running FMS 11.0.5.510 on OS X 10.9.5. It's serving forty databases, one of which is served to the web via custom web publishing. Everything is running smoothly but the campus security auditor is picking up a vulnerability with the old version of OpenSSL running on OS X 10.9.5's Apache. I addressed this on a different, non-FMS Mac by disabling Apple's bundled Apache and using MacPorts to install Apache2.

How to do this on my FMS 11 Mac? Just getting MacPorts to install Apache2 is the first problem as port install apache2 fails with a conflicting ports message. I assume this is because the existing Apache is blocking installation of the new version but how to stop the existing one? I tried turning off web publishing in the FMS admin console but port install still fails with the familiar conflicting ports message. Even stopping the web server with Mark Banks' FMSControl didn't help.

I therefore have a couple of questions:

  1. How do I stop the existing Apache so MacPorts will install Apache2?
  2. Once I have Apache2, how do I get FMS11 to use it instead of Apple's bundled Apache1?

Thanks

Colin

Edited by Colin Hunter

Share this post


Link to post
Share on other sites

Answers to your questions

1) sudo apachectl stop

2) There should be instructions inside, at least brew tells you have to enable your packages.

 

However

What I would do in this case would be to leave what works running, change the IP of presinstalled apache to 127.0.0.1( to make the apache server only me available on localhost,) install nginx as reverse proxy( as pr this example ) on the same node and make a https accessible proxying through localhost, that way you get the benefit of reverse proxy in 2 ways; speed/performance, and security.

Edited by ggt667

Share this post


Link to post
Share on other sites

You should update to OS X 10.11 or 10.12.  This will update your Apache and ModSSL installs.  Unfortunately, FMS 11 is not compatible with these newer OS versions so you'll need to update it as well, and then your FMPro installs too.  Isn't this fun?

I'm not even sure how you're running FMS 11 on OS X 10.9 as it is an unsupported OS for that version.

- John

Share this post


Link to post
Share on other sites

FMS 11 is officially unsupported on OS X 10.9 but I've experienced no problems serving 40 databases to 25 FMP clients and 1 database over the web via custom web publishing from this Mac. Yes, at some point we will upgrade to a version of OS X which Apple is actively supporting and as you note we'll then need to convert our databases to FM 12 format to run on whichever version of FMS/FMP is compatible with the new OS. Not a trivial task and with everything stable and everybody happy (other than the security auditor) there have been no complaints.

Nevertheless we need to be secure but we can't jump to OS X 10.12 on this server quite yet. I installed a new Apache/OpenSSL but was unable to persuade FMS 11 to see it so I'm going to follow ggt667's recommendation and go down the nginx path. His advice to leave what works running and have nginx serve as a reverse proxy to 10.0's Apache is an elegant solution but I'm somewhat out of my comfort zone with the necessary configuration steps. Hopefully I can figure it all out but may return for additional advice if I get stuck.

In any case, many thanks for the replies and especially to ggt667 for suggesting a solution I would never have thought of myself.

Colin

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • By ggt667
      What is wrong when Database appears unavailable to the scheduler, yet regular users are logged in?
    • By imdarek
      Hi, I am using filemaker 11 to copy customer info from excel into the database and then it would generate special keys in pdf allowing us to send the file to the customer.
      My access to the filemaker is non-admin, and the import function of customer info has been blocked.
      We are keying in the record one at a time, so we are looking at ways to automate this process.
      When I try to create a new record using applescript with just 
      it was not allowed. There are data that require validation like date and auto-indexed record number.
      So, is there a way we could create new record and then using the set function to copy data into the report?
    • By ggt667
      How can I get ESS access to PostgreSQL from FM11SA?
    • By Lewis2412
      I have two filemaker servers. One is version 7 and the other is version 11 advanced. I transferred the files from FM7 server to FM11 with no problem. Long story short, everything was great until I realized that the users were still using the FM7 files. To fix the problem, I shut down the filemaker service on both servers, then made a backup of each server by copying the files to another folder. Then I removed the FM11 files that were never used and copy and pasted the .fp7 files from the FM7 server to the FM11 server. I started the filemaker service on FM11, opened the files using the FM11 console. Now when I try to open the files on a workstation, the files do not show up in the Remote list. The server console shows that they are open. How can I correct this?
    • By carlosnorvik
      Hi:
      I want to share a good cloud backup alternative, Hubic, it gives 25 GB free, and you can schedule backup to happen "x" hours or minutes after a file has changed. 
      So just add a backup schedule to the "Hubic"folder of your PC or MAC where you have your server and instruct Hubic to sync 1 hour after, that way you make sure the upload will happen after your backup has completed.
      Neat and free.
      I was using Onedrive, but with the recent decrease in free capacity I looked for alternatives, I specially like the delay before upload.
       
      Carlos