[ Table of Contents ] [ Previous Chapter ]
Maintaining a busy web server often requires attention to backing up important files, rolling logs, and using capabilities of Unix and Apache beyond the functionality provided by the admin server.
iTools comes pre-configured to roll both the access log and the error logs on a daily basis. This is accomplished by means of the "CustomLog" directive and the "ErrorLog" directive in the /Local/Library/WebServer/apache.conf file. The interval between the times that the logs are rolled is given as a value that represents the number of seconds that the server waits before it rolls the logs again. An example of the default CustomLog and ErrorLog directives is given below:
CustomLog "|/usr/sbin/rotatelogs /Local/Library/WebServer/Logs/apache_access_log 86400" common
ErrorLog "|/usr/sbin/rotatelogs /Local/Library/WebServer/Logs/apache_error_log 86400"
As you can see, the number given in these examples is 86400 which is the number of seconds in a day. If you have a very busy web server, you may find it more convenient to roll the logs more often so that smaller, more easily-manageable files are generated. If you have a web site that receives less traffic, you may want to increase this number so that you don't end up with tons of log files with a small number of entries contained inside.
As with any computer program or system, it is always a good idea to backup important information before performing system upgrades, maintenance, or to ward off data loss due to hardware failure. This section will describe the locations of files in the iTools system so that you can make the determination whether you want to backup the entire system or just parts of it. If you have the disk space, it is a good idea to back up the entire system, not just parts of it.
Directory: /System/Library/Apache/Modules
This directory contains the module files used by Apache. It is updated whenever a new iTools distribution is installed. If you have built custom Apache modules, it would be a good idea back them up since they are not part of the default iTools distribution.
Directory: /Local/Library/WebServer
This directory is the most important part of the iTools distribution. It contains all of the Apache configuration files, SSL certificates and certificate requests (if SSL is installed), Web content (in WebSites and Documents), and logs. It is recommended that this directory be backed up before any major changes in the server take place and when significant changes to the web content are made.
Directory: /etc/ssl/private (if SSL is installed)
This directory contains SSL keys generated when the certificate request is generated. SSL keys are an essential part of the SSL system and cannot be regenerated once they are lost. Oftentimes a certificate authority can regenerate SSL certificates from a CSR if they have been erased or misplaced, but keys are generated with the certificate request and are the only protection you have that proves your SSL-secured site is who it says it is. The /etc/ssl/private directory should be kept under close guard and a backup be kept in a safe place.
This directory contains the configuration and application files associated with the Squid object cache. The main file to save in this directory is the squid.conf file which may contain site-specific configuration, though it is a good idea to save the entire directory especially if a large amount of cached content is present.
Directory: /usr/local/openssl (if SSL is installed)
This directory is a component of the SSL implementation in iTools. Saving this directory is important if SSL is installed.
Apache comes with various utilities to aid in administration and configuration. At times, it may be necessary to invoke these utilities manually. This section will cover the most common utilities. You can refer to the Apache documentation or the associated man pages for a more in-depth description.
apachectl is used to stop and start the Apache web server. Under iTools, it also starts the Squid object cache and SSL if the SSL package is installed. apachectl can be used as follows.
To start the server: apachectl start
ndbmmanage is a utility provided to aid in the creation and maintenance of Apache password databases. The iTools user and group password databases are located in /Local/Library/WebServer/tenon/etc, and the files are called users.db and groups.db respectively. The admin server normally takes care of adding and removing users from this file. It may be necessary to create shell scripts to automate tasks or to verify that a user is in the database independent of the admin server. The most common uses of ndbmmanage are as follows.
·To view the contents of the users database: ndbmmanage users.db view
·To view the contents of the groups database: ndbmmanage groups.db view
·To add a user to the database (<username> is the name of the user that you wish to add): ndbmmanage users.db adduser <username>
·To remove a user from the database: ndbmmanage users.db delete <username>
·To view the contents of the groups database: ndbmmanage groups.db view
·When viewing the groups database, please note that the name of the group is listed first, and the users in that group are listed second.
·To add a user to a group: ndbmmanage groups.db add <groupname> <username>
In the complicated world of web servers and Internet technology, things go wrong occasionally. Being a Unix system, OS X Server makes it easy to correct mistakes - if you know where to look. This section will help you to check the right places.
Are your network settings set up correctly?
OS X Server and iTools require properly set up network settings. Make sure that your machine is properly configured with the correct IP address and a matching hostname and domain name. You will also need a valid DNS server.
Is the server listening on the correct port?
In a properly-configured iTools system with the cache on, Squid will listen on port 80, Apache will listen on port 81 (only from Squid), and the admin server (if it is running), listens on port 84. Check with netstat by typing "netstat -a" at the command prompt. You may need to type "netstat -a |more" if the information does not fit in your terminal window. netstat is used to find out on which ports applications are listening. If there is nothing listening on ports 80, or 81, you will not be able to server web pages.
It is important to find out whether Apache is running to aid in diagnosing any difficulties. This can be done by typing "ps ax" at the command prompt. You can see if there are processes called "apache" and "squid" running. If Apache and Squid are not running, you can try starting them with "apachectl start". If apachctl gives you an error, or the server dies right away, you should look in your error logs to see what the problem is.
Have you checked your error log?
Unix and Unix-type systems generally provide detailed logging about every aspect of the system. iTools logs are located in /Local/Library/WebServer/Logs. Check the apache error log located within. Generally Apache's error logs provide detailed-enough information to point you in the general direction of where the problem is.
# Welcome to the EMUmail configuration editor! This program will
# step you through the configuration of EMUmail on your server.
# The values between the square brackets ([]) are the defaults,
# and pressing ENTER will be the same as typing in whatever is
# in between them. If you want to make a value blank, type in
# There are 18 options to configure.
* This is the URL used to get to the EMUmail CGI program.
* Example: http://www.yourserver.com/emumail.cgi
Enter value for EMU_URL [/web_mail/webmail.cgi]:
* This is the hostname of the default location from where to check for
* mail. The server needs to be POP3 compliant.
* When logging into EMUmail, if a hostname is not supplied, this
* hostname is used as a default.
Enter value for default_pop [localhost]:
* This is the root directory where the data files for EMUmail are
* stored. This directory needs to be READABLE and WRITEABLE by the user
* that your webserver runs as.
Enter value for page_root [/Local/Library/WebServer/web_mail/webdata]:
* In order for EMUmail to send mail, an SMTP compliant mail server is
* required. This is required for EMUmail to send mail.
Enter value for smtp_host [localhost]:
* This is the directory where systemwide EMUfiles will be stored. Files
* within this directory will be accessible to each user on your EMUmail
* server through their EMUfiles. This directory is usually set to the
* sysfiles directory under the same location as your page_root.
* Example: /usr/local/emudata/sysfiles
Enter value for SYSFILEDIR [/Local/Library/WebServer/web_mail/webdata/sysfiles]:
* This is the URL to where the EMUmail help is stored. If this is not
* supplied then Help will not work. (The /help at the end of the URL
* Example: http://emumail.yourserver.com/help
Enter value for HELP_URL [/web_mail/help]:
* If needed, EMU can be configured to take images from a different
* server than the CGI server. This can be helpful if EMUmail is on a
* machine dedicated to CGI, while static files are kept on a different
* server. Most users will leave this to be the same server as the
* Example: http://emumail.yourcompany.com
Enter value for img_url [/web_mail/]:
* EMUmail can run with the FastCGI module. If you have FastCGI
* installed, enter 1 in order to utilize FastCGI. Enter 0 otherwise.
* See http://www.fastcgi.com for more information on FastCGI.
* EMUmail can run on a mod_perl server. If you have mod_perl
* installed, enter 1 in order to utilize mod_perl. Enter 0 otherwise.
* For this to work you will have to retrieve the mod_perl PERL module.
* See http://perl.apache.org for more information on mod_perl.
* This is the size in Kilobytes that each user should be allowed to
* hold in their directories. If you set this to 0 then their will be
Enter value for quota [1000000]:
* Any username within this list will be excluded from quota
* restrictions. Usernames are delimited with spaces ' '.
* Example: emu@dotshop.com @dotshop.com emumail
* The above setting would exclude the one user 'emu@dotshop.com', all
* users from the 'dotshop.com' domain, and any user with the name
Enter value for quota_name_exclude []:
* This is the maximum number of seconds before a user's session becomes
* inactive. If this is set to 0 then users' sessions will never become
Enter value for max_time [12000]:
* This is the number of messages to display in EMUmail on each index
Enter value for max_messages [25]:
* The name that the EMUmail process calls itself. This name appears in
* various places in the program.
Enter value for publisher_name [WEBMail]:
* Any of the domains in this string are allowed access to your EMUmail
* server. Set this to be blank to allow all domains access.
Enter value for ALLOWED_DOMAINS []:
* This option chooses whether or not to cache the EMUmail HTML pages
* when running under either FastCGI or mod_perl. Setting this option
* will boost performance while slightly increasing memory load on the
* server. It's usually best to leave this set to 1.
Enter value for cache_emupages [1]:
* This is the maximum lifetime of an EMUmail process in seconds. The
* EMUmail process will die off if this time is ever exceeded. Do not
* set this too low otherwise your processes may be killing themselves
* before they finish doing their job.
Enter value for MAX_RUNTIME [75]:
* If this is set to 1 then each user's home directory will be cleared
* once they logout of the system. No folders will persist for more
* than one session. Unless this is something you reall want, leave