Update Apache while retaining FMS custom web publishing

[Dr. Zathras]

I'm running FMS 11.0.5.510 on OS X 10.9.5. It's serving forty databases, one of which is served to the web via custom web publishing. Everything is running smoothly but the campus security auditor is picking up a vulnerability with the old version of OpenSSL running on OS X 10.9.5's Apache. I addressed this on a different, non-FMS Mac by disabling Apple's bundled Apache and using MacPorts to install Apache2.

How to do this on my FMS 11 Mac? Just getting MacPorts to install Apache2 is the first problem as port install apache2 fails with a conflicting ports message. I assume this is because the existing Apache is blocking installation of the new version but how to stop the existing one? I tried turning off web publishing in the FMS admin console but port install still fails with the familiar conflicting ports message. Even stopping the web server with Mark Banks' FMSControl didn't help.

I therefore have a couple of questions:

1. How do I stop the existing Apache so MacPorts will install Apache2?
2. Once I have Apache2, how do I get FMS11 to use it instead of Apple's bundled Apache1?

Thanks

Colin

Edited February 28, 2017 by Colin Hunter

[ggt667]

Answers to your questions

1) sudo apachectl stop

2) There should be instructions inside, at least brew tells you have to enable your packages.

 

However

What I would do in this case would be to leave what works running, change the IP of presinstalled apache to 127.0.0.1( to make the apache server only me available on localhost,) install nginx as reverse proxy( as pr this example ) on the same node and make a https accessible proxying through localhost, that way you get the benefit of reverse proxy in 2 ways; speed/performance, and security.

Edited March 1, 2017 by ggt667

[John May - Point In Space]

You should update to OS X 10.11 or 10.12.  This will update your Apache and ModSSL installs.  Unfortunately, FMS 11 is not compatible with these newer OS versions so you'll need to update it as well, and then your FMPro installs too.  Isn't this fun?

I'm not even sure how you're running FMS 11 on OS X 10.9 as it is an unsupported OS for that version.

- John

[Dr. Zathras]

FMS 11 is officially unsupported on OS X 10.9 but I've experienced no problems serving 40 databases to 25 FMP clients and 1 database over the web via custom web publishing from this Mac. Yes, at some point we will upgrade to a version of OS X which Apple is actively supporting and as you note we'll then need to convert our databases to FM 12 format to run on whichever version of FMS/FMP is compatible with the new OS. Not a trivial task and with everything stable and everybody happy (other than the security auditor) there have been no complaints.

Nevertheless we need to be secure but we can't jump to OS X 10.12 on this server quite yet. I installed a new Apache/OpenSSL but was unable to persuade FMS 11 to see it so I'm going to follow ggt667's recommendation and go down the nginx path. His advice to leave what works running and have nginx serve as a reverse proxy to 10.0's Apache is an elegant solution but I'm somewhat out of my comfort zone with the necessary configuration steps. Hopefully I can figure it all out but may return for additional advice if I get stuck.

In any case, many thanks for the replies and especially to ggt667 for suggesting a solution I would never have thought of myself.

Colin