Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 2832 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted (edited)

I'm running FMS 11.0.5.510 on OS X 10.9.5. It's serving forty databases, one of which is served to the web via custom web publishing. Everything is running smoothly but the campus security auditor is picking up a vulnerability with the old version of OpenSSL running on OS X 10.9.5's Apache. I addressed this on a different, non-FMS Mac by disabling Apple's bundled Apache and using MacPorts to install Apache2.

How to do this on my FMS 11 Mac? Just getting MacPorts to install Apache2 is the first problem as port install apache2 fails with a conflicting ports message. I assume this is because the existing Apache is blocking installation of the new version but how to stop the existing one? I tried turning off web publishing in the FMS admin console but port install still fails with the familiar conflicting ports message. Even stopping the web server with Mark Banks' FMSControl didn't help.

I therefore have a couple of questions:

  1. How do I stop the existing Apache so MacPorts will install Apache2?
  2. Once I have Apache2, how do I get FMS11 to use it instead of Apple's bundled Apache1?

Thanks

Colin

Edited by Colin Hunter
Posted (edited)

Answers to your questions

1) sudo apachectl stop

2) There should be instructions inside, at least brew tells you have to enable your packages.

 

However

What I would do in this case would be to leave what works running, change the IP of presinstalled apache to 127.0.0.1( to make the apache server only me available on localhost,) install nginx as reverse proxy( as pr this example ) on the same node and make a https accessible proxying through localhost, that way you get the benefit of reverse proxy in 2 ways; speed/performance, and security.

Edited by ggt667
Posted

You should update to OS X 10.11 or 10.12.  This will update your Apache and ModSSL installs.  Unfortunately, FMS 11 is not compatible with these newer OS versions so you'll need to update it as well, and then your FMPro installs too.  Isn't this fun?

I'm not even sure how you're running FMS 11 on OS X 10.9 as it is an unsupported OS for that version.

- John

Posted

FMS 11 is officially unsupported on OS X 10.9 but I've experienced no problems serving 40 databases to 25 FMP clients and 1 database over the web via custom web publishing from this Mac. Yes, at some point we will upgrade to a version of OS X which Apple is actively supporting and as you note we'll then need to convert our databases to FM 12 format to run on whichever version of FMS/FMP is compatible with the new OS. Not a trivial task and with everything stable and everybody happy (other than the security auditor) there have been no complaints.

Nevertheless we need to be secure but we can't jump to OS X 10.12 on this server quite yet. I installed a new Apache/OpenSSL but was unable to persuade FMS 11 to see it so I'm going to follow ggt667's recommendation and go down the nginx path. His advice to leave what works running and have nginx serve as a reverse proxy to 10.0's Apache is an elegant solution but I'm somewhat out of my comfort zone with the necessary configuration steps. Hopefully I can figure it all out but may return for additional advice if I get stuck.

In any case, many thanks for the replies and especially to ggt667 for suggesting a solution I would never have thought of myself.

Colin

This topic is 2832 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.