The Most Versatile VoIP Provider: FREE PORTING
JUST RELEASED: Visit the Incredible PBX WikiISP-In-A-Box: The $500 Mac mini (Chapter XV: Rock Solid Backups, Rock Bottom Price … Free!)
We’ve postponed this column several times but not because it wasn’t important. We’re firm believers that every computer deserves a rock-solid backup solution, and the one we’ll introduce you to today is as good as backups get. It also happens to be free unless you’d like to donate $5 to the author … highly recommended. Today’s backup solution is so well engineered that you actually can boot your Mac from the backup drive once you complete a full system backup. Try that on your Windows XP machine. Heh heh heh. And this last capability provides a hidden bonus included with this backup solution: you can use it to clone your small hard drive and then replace it with a larger (or faster) drive which then can be cloned from the backup drive. You also can synchronize one drive to another and schedule unattended backups at any time desired.
Choosing an External Backup Drive. In order to do full system backups and incremental ones, you’ll need an external USB or Firewire drive. We recommend a firewire drive because you can’t boot Mac OS X from a USB drive. Booting from a firewire drive is as easy as rebooting, holding down the alt/option key, and choosing the drive from which to boot. The drive obviously needs to be large enough to hold your backup. If money is no object, you may want to consider one of the self-powered firewire drives so you don’t have to scramble for an AC outlet to make a backup. This makes real sense with notebook computers! Or, if you’ve gotten tired of listening to music on your iPod and would rather use it for a higher purpose, Engadget has an article that will show you how to convert your iPod into a perfectly acceptable firewire drive for backups. The most cost effective solution is probably what we use ourselves. You can find a Lacie 80GB firewire drive providing incredible performance with a small footprint for just over $100. We’ve had good luck with the Lacie drives which we leave powered on and connected to two of our iMacs all the time. Backups are run in the middle of the night and never interfere with what you’re doing.
Downloading the Software. This backup solution is designed for those using a Mac with Mac OS X v10.3 aka Panther. If you’re using a different OS, you’ll need to make some adjustments which aren’t covered here. We’re going to be downloading two separate pieces of software: Carbon Copy Cloner v.2.3 and Psync, and we want the Panther versions of both products. So just click on the Psync link in this paragraph to download it to your Desktop. Install it by double-clicking on psync.pkg once it mounts on your Desktop. Just follow the prompts. Then download Carbon Copy Cloner from the link above. Once the folder is created on your Desktop, double-click on the documentation file in the folder and read it. Now drag the Carbon Copy Cloner application to your Applications folder to complete the installation.
Making Your First Backup. Plug in your external drive and power it up. Make certain that it mounts on your Desktop (you’ll see an icon) before you start up Carbon Copy Cloner. Now start CCC by double-clicking on it in your Applications folder. Once it starts up, begin by clicking on the padlock and entering your Admin password to enable all of CCC’s features. The simplest full system backup only requires a couple of steps. Click on the Source Disk pull-down and choose your local hard disk. Then click on the Target Disk pull-down and choose your external drive. Now click the Preferences button and make certain that Repair Permissions before cloning is checked, Target Disk – Make Bootable is checked, and both Synchronization items are checked. None of the options in the right column should be checked. Now click the Save button. To begin your backup, click the Clone button. When the backup finishes, check the log to make sure nothing came unglued. Then restart your Mac and hold down the alt-option key. Choose your firewire external drive as the boot device and watch as your Mac restarts from your secondary drive. How cool is that? Now send Mike Bombich five bucks. It’s the cheapest insurance you’ll ever buy.
Scheduling Regular Backups. Nothing, of course, prevents you from making a backup anytime you feel like it. However, nothing will improve your peace of mind more than scheduling regular backups so you don’t have to worry about it. Here’s how. While you have all your settings just right in the Cloning Console window, click the Scheduler button. Choose when and how often you want your backups to run and then click the plus sign (+) to add the backup script to your System crontab (that you learned all about earlier this week). Wasn’t that hard, was it? The only wrinkle, of course, is that your machine and backup drive both must be on, and your Mac cannot be in Sleep mode. Now all you need to do is check your logs once in a while to make sure everything went according to plan.
We’ve got an extra special surprise for you tomorrow. See you then.
ISP-In-A-Box: The $500 Mac mini (Chapter XIV: Remote Access and Remote Control)
Today we’re going to tackle all the flavors of Remote Access for your Mac. It’s a must-have resource for Road Warriors and anyone using their Mac as a server of almost any kind. There are dozens of great remote access tools available but, in the interest of not putting everyone to sleep at once, we’ll focus on some of the built-in (i.e. free) tools, the best of the open source tools (i.e. free), and a couple of the more popular commercial products. The prerequisites for all of these tools are having an always-on Internet connection and having an always-on Mac. And sleep mode doesn’t qualify as ON insofar as remote access is concerned.
There are two types of remote access tools in my book: safe and dangerous. Safe in this context means the connection between you (wherever you are) and your Mac server is always encrypted so that others can’t intercept your password or data. Dangerous means everything else such as FTP. We’re only going to discuss safe remote access tools, and I’d urge you to think twice about enabling or using anything else. Once someone intercepts your unencrypted password, they basically own your Mac and all the data that’s stored on it. So ask yourself if that’s a risk you are willing to take. And I think you’ll probably come to the same conclusion we have: Just Say No.
If you’ve been following our advice, then there is a hardware-based firewall of some variety between your Mac server and the Internet. And your Mac has its built-in firewall enabled as well. Before remote access will work, you’ll need to open the SSH (secure shell) port (22) by accessing the Sharing Folder under System Preferences. Just check the Remote Login box to enable other computers to access your Mac using SSH. You’ll also need to create a rule in your hardware-based firewall that passes Port 22 traffic to the IP address of your Mac. If you don’t know what your Mac’s Internet address is, just click here using a web browser on the Mac in question.
Once you have enabled Remote Login, your Mac automatically starts three UNIX servers: SSH for remotely logging in to your machine, SCP for remotely copying files to/from your machine, and SFTP which is functionally identical to a traditional FTP server except the connection is secure. With SSH, the simplest way to access your server from another machine is to open a Terminal window, switch to root access (sudo su), and then open an SSH session: ssh 111.111.111.111 where the IP address is the actual IP address of your server. If you’re inside the hardware firewall with your server, then you can use your internal IP address as well. Unless you’ve installed a security certificate on your Mac (which really isn’t necessary since an unregistered one will be generated automatically), you will be warned that the authenticity of your server cannot be established. Just type yes to proceed, and then enter your root password. Once you’re connected to your server, you can do anything you could do from a Terminal window sitting at your machine. Type man scp for a tutorial on how to use the secure copy program. q gets you out. When you are finished with your SSH session, type exit to logout.
Secure FTP works similarly. You login by typing: sftp username@111.111.111.111 where username is an actual account on your server and the IP address is your server’s actual IP address. After typing your password, you will be presented with the sftp> prompt. Type ? to see the list of possible commands. When you are finished with your SFTP session, type exit to logout. If you only need to copy files back and forth to your Mac server, this is probably the easiest and simplest method to use. And it’s free.
If your primary remote access requirement is to copy files between your Mac and a remote machine but you prefer the ease of use of a Mac OS X Aqua interface, then there is no finer program than Transmit (see inset). While it’s not free, $30 won’t break the bank for most folks, and you’ll be getting the top of the line FTP and SFTP product available in the Mac marketplace. If, down the road, you decide to use a web hosting facility for your web site(s), Transmit is the one tool you simply cannot live without. Copying files is as simple as dragging and dropping them into a Transmit window. If you can’t tell, we use Transmit ourselves for managing web sites and have for many years. You won’t be disappointed.
There’s another type of Remote Access program. The applications in this group are designed to let you remotely display and control the desktop of your Mac. In other words, what you see is the same thing someone sitting in front of your Mac server would see … only slower. For some, this is an essential component of remote access. For others, it’s a big waste of computing and bandwidth resources. Just be forewarned that Remote Control software is not perfect and is resource intensive, and you won’t be disappointed if you have a fast broadband connection in both directions on both machines. Keep in mind that a typical Mac display these days exceeds 700,000 pixels with millions of colors, and it will give you some idea of the amount of data which must be transmitted just to replicate a single static screen. And that’s before you ever move your mouse! Yes, there are compression techniques and shortcuts that the various applications use to reduce the size of the screen transmissions, but it still is a bandwidth intensive operation because of the screen sizes and resolutions of today’s monitors. Apple makes a perfectly acceptable commercial application to handle remote control called Apple Remote Desktop 2. And, if money is no object or for large organizations, it is a perfectly acceptable solution for remote control. You should be aware, however, that half of the Apple remote control package is available at no cost to users of Mac OS X v10.3. That half is now standards-based and, because it’s free, we’re going to take advantage of it today. Standards-based means that it is compatible with every VNC client for virtually every computing platform in the world, all the way down to cellphones and PDAs if you can stand the performance. The other half (purchased from Apple) will set you back $299 for 10 clients or $499 for unlimited clients. The good news is you don’t need the costly half because there is a standards-based product for Macs which works well and is only getting better. Finally, be aware that this remote control solution is not encrypted meaning that it is possible (theoretically at least) for someone at your ISP’s router to intercept the data. With built-in compression, the data stream still would pretty much be gibberish, but at least it is something you should be aware of. See the comments to this article for an approach that uses an SSH tunnel.
So our remote control approach will be to download and install the latest version of the Apple VNC client. And then we’ll download the standards-based Chicken of the VNC to handle access to the remote desktop. And, as we mentioned, any standard VNC product can be used to connect to the Apple VNC desktop once we get it upgraded to version 2.1. You can read all about the history of Bell Labs VNC software and all of its supported platforms here. Finally, a word about nomenclature. The piece of software residing on the host machine always has been called the VNC Server until Apple came along and named theirs the Remote Desktop Client. The piece of software on the traveling machine that is used to connect back to your host or home base has always been called the VNC Client except Apple calls theirs the Apple Remote Desktop. Sounds confusing? You bet. For our purposes, we’ll refer to the Host Machine (meaning your home base host) and the Remote Machine (meaning the computer from which you are making the connection to your host machine). Whew!
Now, let’s upgrade the software on your Host Machine to make sure the standards-based remote access products will work. Just download and install the Apple Remote Desktop Client 2.1 from here. When you complete the installation, you will need to enable Apple Remote Desktop under the Services tab in the Sharing folder of System Preferences. Then click on the Access Privileges button, choose a user account, make sure all the boxes in the right column are checked, and check the "VNC viewers may control screen with password" option. Enter a password that you will use for remote access. Leave the "guests may request access" option unchecked, or you’ll have to have someone sitting at your host machine to grant access. Click the OK button to save your changes. Next, you need to open the firewall ports on your Mac and your hardware-based firewall to support remote access. Click on the Firewall tab. Then click the New button. Choose VNC (5900-5902) from the pull-down list. If it will only be you connecting to your host machine, then you only need to open port 5900 on your hardware-based firewall and point it to the internal IP address of your host machine. That completes the Host machine installation and setup for remote control.
Now let’s do the other half: the traveling or remote machine software, aka the VNC client. To test this, you’re going to need a second computer (not necessarily a Mac). It’s helpful to have a second computer inside your hardware-based firewall so we can get the kinks out before you try this on the road. If your second machine is also a Mac, then the software you need is Chicken of the VNC (get it?). Download the 2.0b2 version from a SourceForge mirror site to your Desktop. Once it is installed on your Desktop, drag the icon to your Applications folder. Double-click on the icon to start the application. The VNC Login screen will appear. Fill in the IP address of your Host machine and the password you assigned when we enabled the Apple Remote Desktop. The Shared Display checkbox lets more than one person connect to the same Host at the same time so long as you use different ports. Port 0 uses 5900, port 1 uses 5901, etc. The ports have to be open and pointed to your host on your hardware-based firewall. For now, you can leave Shared Display unchecked and make sure the Port is set to 0. Leave the Default Profile setting as is and decide whether you want to save your password in your keychain. That’s all there is to it. Click the Connect button and the screen of your Host machine should miraculously appear. You can toggle the Host machine display between a window and full-screen by pressing Command-Option-Control-`. To disconnect, just close the Host machine display window or choose Connection, Close Window from the title bar menus.
For additional assistance and terrific web-based documentation, just click on Help while the program is running. To keep up with the latest developments of Chicken of the VNC, visit MacUpdate. If you need VNC software for other platforms, Real VNC has the latest versions and AT&T’s VNC archive is another worthwhile site although it now is over five years old. VNC clients also are available for Palm devices and Treo smartphones as well as Pocket PCs and compatible smartphones. Enjoy!
ISP-In-A-Box: The $500 Mac mini (Chapter XIII, Crontab Scheduling)
Well, our plan for today was to get down in the weeds of BSD and actually show you how to wrestle with crontabs to schedule tasks on your Mac or Mac mini. But, as luck would have it, our friends at iMagicWeb had a better solution that they wrote us about. So let’s shift gears and wrestle with crontab in the least painless way possible … which is to use a terrific piece of free software called CronniX. It was written specifically to manage cron jobs using the traditional Mac OS X Aqua interface. Before we get to CronniX, let’s briefly address what crontab is and what it does for you. Think of crontab as the ultimate scheduler. It can run almost any BSD application, script, or command as well as any Mac OS X application or Applescript at any time or combination of times that you care to dream up. Stated another way, you use crontab to schedule background jobs, i.e. tasks that you want your computer to execute without bothering you or your computer’s display. We already are using cron jobs to handle our Email Reminders, and our Webalizer statistics, and our daily Web Calendars. But we’ve barely scratched the surface of the possibilities. Later this week we’ll add automatic backups of your main hard drive to any external USB or firewire hard disk. And there will be specific tasks that you come up with where a cron job is the obvious solution.
There are three main things you do with cron jobs: you create them, you change them, and you delete them. To change or delete an existing job, just highlight the job and click Edit or Delete. To create a new entry, you need to be aware that cron jobs can be run as any user including the root user, and they inherit the privileges of that user. The moral here is, for security’s sake and the overall health of your system, don’t run jobs as the root user unless you have to. In creating cron jobs, you can schedule them to run at a particular time or times or at timed intervals, e.g. every 15 minutes. And you can schedule cron jobs to only run on a certain day of the week or month or on an assortment of days chosen by you. You can also quickly bring your server to its knees by running disk-intensive cron jobs every minute of every hour of every day of the year. The choice is yours. Aside from not running cron jobs as root unless you have to, the only other bit of advice I would offer is this. Test whatever you plan to schedule as a background job in the foreground first. When run as a foreground task (i.e. from a Terminal window), you can watch it to make certain it does what you wanted it to do. If it doesn’t, you can kill the job by pressing Ctrl-C. It is extremely difficult to diagnose scripting bugs in applications you have running in the background particularly when all you hear is your hard disk beating its brains out. Before you can kill a background job, it usually has plenty of opportunity to wreak enormous havoc on your computer. Having said all that, what makes the Mac such an incredibly powerful server platform is due at least in part to the almost limitless capacity to schedule and execute background tasks of every variety imaginable.
Up to now we’ve been setting up cron jobs using Webmin which is every bit as efficient as swatting a fly with a sledge hammer. For one thing, you have to crank up the Webmin server just to be able to access Webmin using a web browser. For some tasks, this is a great approach. But for scheduling cron jobs, it’s a little silly. So, as I mentioned, our original plan for today was to cover the intricate details of using crontab and managing cron jobs from the Terminal command prompt. Lo and behold, it turns out there is a terrific little Mac OS X application called CronniX which makes the drudgery of crontabs all but disappear. As mentioned, the application is free although the author does accept donations. His web site is http://h5197.serverkompetenz.net/cronnix/. So go to the site, click on the download link and download the latest and greatest version (3.0b3.dmg). It will decompress into a folder on your desktop. Open the folder and drag the CronniX application to your Applications folder.
When you start up CronniX, it will default to the crontab for your current login ID. You can switch crontabs by pressing Command-O and entering the desired username including root and system. Existing crontab entries will be displayed for the username selected. An asterisk (*) in crontab lingo means all while an asterisk followed by a slash and a number means every so many minutes or hours or days. For example, */15 in the minutes column would mean every 15 minutes while */4 in the hours column would mean every 4 hours. To create a new crontab entry, you simply click the New button and fill in the blanks. Checking the checkbox beside a field sets that field to * or all. The syntax for commands is exactly what you would type in a Terminal window to execute the command. And, for Mac OS X applications, you can execute them by checking "Prepend /usr/bin/open" and then clicking the Browse button and choosing the desired Application. Once you’ve made your entry, click on the Save button to actually post your new entries to the selected crontab. Then press Command-Q to close CronniX. It’s as simple as that.
ISP-In-A-Box: The $500 Mac mini (Chapter XII, Email Reminders)
One of the most useful additions to any server is the ability to send yourself or others Email Reminders. Adding a web interface is simply icing on the cake. Yes, PDAs and cell phones and iCal can do it as stand-alone applications, but you have to be with the device where you scheduled the reminder, or you miss it. With a web-based email reminder system, you can send reminders to multiple devices and multiple people, not just yourself… and you can schedule them up to nine years in advance (assuming your server makes it that long). If you have teenagers, I don’t have to tell you how much they will appreciate your computer sending their cellphones reminders to clean their rooms in the middle of their night on the town. It also comes in handy to make sure you pay bills on time. And, you’ll find it absolutely essential in getting out of boring meetings early by simply sending your cellphone an urgent message at the top of the hour. Yes, the reminders can be recurring: every hour, every day, every month, or every year. And no, email reminders won’t cost you a dime. Unfortunately, it’s another of those little Linux gems that just didn’t quite fit the Mac way of doing things. So, we’ve fixed it up, added the missing pieces for MySQL and Perl, and repackaged it for all the Mac addicts who have built one of our ISP-In-A-Box systems these past few weeks.
Prerequisites. Before Email Reminders will work on your Mac, you’ll need to assure that you’ve enabled the Apache Web Server, the Postfix SMTP email server (POP and IMAP are not required!), the MySQL database server, PHP, and PhpMyAdmin. You’ll also need Webmin to add the crontab scheduling piece unless you’re familiar with using crontab directly … which we’re going to cover later this week, incidentally. For Email Reminders to function properly after installation, you’ll need to keep the following servers running all the time: Apache, Postfix SMTP, and MySQL. Aren’t you glad you bought that extra RAM!
Our approach should be getting familiar by now. We’ll download the software to your desktop, then move it to its permanent home on your web server. Next, we’ll run a simple MySQL script to create the necessary database to manage your reminders. Then we’ll customize the software to add your email return address. And finally, we’ll set up a crontab script to check for reminders to be sent at the top of every hour.
Downloading Email Reminders. You can learn all about Email Reminders at the author’s web site, but unfortunately for Mac users, the version available there just doesn’t quite work as packaged with Mac OS X. So we’ve customized the software a bit to match our ISP-In-A-Box configuration, and it’s available for download here. Once the 100K download to your Desktop completes, it should decompress into a folder named emrem. If not, double-click on the downloaded file to start the process.
Moving Email Reminders to Your Web Site. Open a Finder window, click on your local hard disk, and navigate to the /Library/WebServer/Documents folder. Then click-and-drag the emrem folder on your Desktop into the Documents folder. This will make your Email Reminders application available with a web browser using the syntax: http://yourdomain.com/emrem/ or http://localhost/emrem/ from your server desktop.
Building the Email Reminders MySQL Database. Open a Terminal window and switch to root user access: sudo su. Now move to the folder where we installed emrem:
After making certain that MySQL is running (/library/startupitems/mysql/mysql restart), type the following command to create your Email Reminder database:
Customizing Email Reminders. While you’re still positioned in the emrem folder, let’s add your own email return address just so email reminders don’t get bounced as spam. We’ll edit the configuration file with out usual Pico editor and, yes, BE CAREFUL: pico config.php. Now search for yourname: CTRL-W, yourname, then enter. Carefully delete yourname@yourdomain.com using the CTRL-D key. Now type your email address in its place. Save your changes: CTRL-X, Y, then enter.
Verifying All Is Well. Let’s run a simple test to be sure everything worked according to plan thus far. After assuring that your web server is running, switch to a web browser and go to http://localhost/emrem/. Now add an entry to send an Email Reminder to your own email address and schedule it for the next hour. Once you get a completed message, let’s use PhpMyAdmin to verify that the reminder was actually placed in the MySQL database we set up. Start PhpMyAdmin: http://localhost/php/. Click on the Databases pull-down and choose the emrem database. Now click on the reminders table, and choose the Browse tab. You should see one entry in your table. You can close your browser window now, but keep in mind that this is where you’d come to delete a reminder if, for some reason, something ever goes haywire. I’ve never seen it happen in four years of use!
Scheduling the Email Reminders Task. Finally, we need to schedule the Email Reminders Perl script to run each hour. It is responsible for checking to see if reminders are due to be sent and sending them. Start up Webmin if it is not already running on your server: /etc/webmin/start. Now open Webmin with your browser: http://localhost:10000. Enter admin for your username and your actual password. Click on the System button and then Scheduled Cron Jobs. Then click Create a new scheduled cron job. Make the following entries in the form and then click the Create button. Leave the default settings unless specified below:
Now all you have to do is wait for the top of the hour, and your first Email Reminder should arrive within a minute or two. Before redistributing this software, please read the license terms in the COPYING file which can be found in the emrem folder on your web site. Enjoy!
ISP-In-A-Box: The $500 Mac mini (Chapter XI, Web Calendars)
If you’re a big fan of the Mac’s iCal calendaring application like we are, then you will love this addition to your web site. Today we’re going to install PhpiCalendar which does one thing, but does it incredibly well. PhpiCalendar displays picture-perfect web calendars (see inset) of all of your iCal information which can be accessed from anywhere using a web browser. Do you need a .Mac account? Nope. All you need is an ISP-In-A-Box running the Apache Web Server and PHP. You’ll also need to install Webmin to handle the crontab task discussed below unless you’re familiar with the crontab application itself. And we’ve already covered how to password-protect your calendar web site if you want to. Because PhpiCalendar reads .ics calendars (IETF 2445 files), you can also use it to access calendars created with Mozilla Calendar and Sunbird, Novell’s Ximian Evolution, KOrganizer, and WinDates 5.0. Did I mention there are also thousands of free, downloadable .ics calendars at iCalShare that cover every imaginable subject matter: holidays of every flavor, astronomy, TV schedules, DVD release dates, iTunes release dates, sports schedules, band schedules, and on and on. So let’s get started.
We’ll first download the application, and then move it to a folder on your web site. Then we’ll load your existing iCal calendars and test the application. Once everything is working, we’ll add an entry in the crontab file to copy your iCal data over to PhpiCalendar each day at one or more times that you specify.
Downloading PhpiCalendar. PhpiCalendar is one of thousands of applications which are available at no cost on SourceForge.net. Just click here to download the latest 2.0 beta and choose a download site near your location to begin. The application will be copied to your desktop and then automatically decompress into a folder called phpicalendar-2.0b. Let’s rename the folder to something simpler. Just click on the existing folder name and change it to ical.
Moving PhpiCalendar to Your Web Site. Open a Finder window, click on your local hard disk, and then move to the /Library/WebServer/Documents folder. Now click-and-drag the iCal folder on your Desktop into the Documents folder. Now you can access your Web Calendars by going to http://localhost/ical/ or http://yourdomain.com/ical/. Test it now using your web browser. Your own iCal information will not appear, but some sample calendar events will.
Importing iCal Data into PhpiCalendar. In order to import your iCal calendars into PhpiCalendar, we first need to figure out where your iCal data is stored. Using Finder, press Command-F and search for file names on your local hard disk that contain .ics. Click on one of the file matches to display its location which should be something like the following: /yourname/Library/Calendars where yourname is your Mac login ID. Write down what you found, and then open a Terminal windows (Freudian slip?) and switch to root user access: sudo su. Enter your admin password. Now let’s clean out the sample calendars that were distributed with PhpiCalendar and copy your own iCal data into the PhpiCalendar folder:
Now refresh your browser at http://localhost/ical/ and your very own iCal data should now appear in the web calendar. Click on the small icons in the upper right section of the main screen to change from daily to weekly to monthly to yearly views. You can permanently save your preferences by clicking on (you guessed it!) Preferences.
Automating PhpiCalendar Updates. Because PhpiCalendar operates independently from iCal, we need to automate the process of copying your calendars from iCal each day. We’ll do it with crontab using the Webmin application we installed last week. Make sure Webmin is running (/etc/webmin/start), and then open it with your web browser: http://localhost:10000. Click on the System button and then Scheduled Cron Jobs. Then click Create a new scheduled cron job. Make the following entries in the form and then click the Create button. Leave the default settings unless specified below:
Once you have assured that your calendars are being updated daily, you can silence email advisories by adding > /dev/null 2>&1 to the end of the Command in your cron job. Just click on the job, make the change, and click Save. Check back with us next week for some more terrific applications. Have a great weekend!
ISP-In-A-Box: The $500 Mac mini (Chapter X, Web Sites 101, Part II)
Today we finish up our two-part series on a few webmaster fundamentals that you will need before we can build some of our upcoming web projects. The tasks assume that you already have an Apache Web Server up and running and that you have installed Webmin which we covered last week. As in past columns, our preference is that you first at least read through our previous ISP-In-A-Box tutorials (available as a PDF collection here) so that you have a basic understanding of how to do things, but that√¢‚Ǩ‚Ñ¢s up to you. Yesterday we showed you how to assure that directories without a default web page never display, and you learned how to password-protect web site directories. Today we’ll show you how to configure Apache to serve up multiple web sites from a single web server, yours.
There’s no reason you can’t have more than one domain with your new web server. And each can have its own independent web site. Whether it’s static or data-driven is, of course, up to you. You also can build fully-qualified subdomains for all of your kids or small-business departments, and let them maintain their own web sites using the Mac’s built-in user accounts. For example, web sites for johnny.begood.com and betty.begood.com would be built in the Sites folder for accounts set up on your Mac as johnny and betty. Then it’s a simple matter, with Omnis.com’s DNS tools, to point johnny.begood.com to the appropriate web site using a Proxy (aka mod_proxy) record for the begood.com domain that looks like this (substituting your own IP address, of course):
But suppose you want to have two completely different domains with two completely different web sites, and you don’t want to have to create separate Mac accounts to maintain each domain. That’s not a problem either. Apache was designed to do just that. We’re going to use Webmin to configure a second domain which we’ll create in a new folder called calendar off our main web site tree: /Library/WebServer/Documents. Note, however, that you shouldn’t create the calendar folder under the default Documents folder unless you don’t mind that folks visiting your main web site (http://mydomain.com) can also access the calendar web site by going to http://mydomain.com/calendar. If you want to prevent this, then you’d create the calendar folder at the same level as the Documents folder, i.e. as a new folder in the /Library/WebServer folder. The only drawback of the latter approach is that you can no longer access the site using the http://localhost syntax. I’ll bet you can figure out why.
The first step is obviously to register a second domain and use the registrar’s DNS service. We’ve previously covered this (here) if you need some help. Once you have done that, create two new DNS A records that point to your IP address. Apache will handle figuring out which domain is hitting your web server. Note that you cannot use Proxy records if you want Apache to resolve the domain names. If you use Proxy records, you can distinguish various web sites by assigning each domain to a different port, e.g. 82, 83, and 84. The syntax for the Content would be http://111.111.111.111:81. You also would have to enable these ports in the Apache config file by searching for the word "Listen" in httpd.conf and adding separate lines for each port you wish to enable: Listen 82, Listen 83, and Listen 84. Then you would restart Apache. For now, let’s use A records which are a bit easier to implement:
We’re now ready to configure Apache to handle the second domain. Make sure Webmin is running on your server (/etc/webmin/start), and then open a web browser and go to http://localhost:10000. Click on the Servers button and then click Apache Web Server. At the bottom of the page is a form to Create A New Virtual Server. Just fill out the form with these settings and leave the other defaults the way they are. Then click the Create Now button.
For your changes to take effect, you’ll need to stop and restart your web server. This can be done at the top of the form by clicking the Stop Apache button and then the Start Apache button.
ISP-In-A-Box: The $500 Mac mini (Chapter X, Web Sites 101, Part I)
Today and tomorrow, we're going to cover a few more fundamentals that you will need to master before we can build some of our upcoming web projects. Today's tasks assume that you already have an Apache Web Server up and running and that you have installed Webmin which we covered last week. As in past columns, our preference is that you first at least read through our previous ISP-In-A-Box tutorials (available as a PDF collection here) so that you have a basic understanding of how to do things, but that's up to you. Our three projects for today and tomorrow are assuring that directories without a default web page never display, learning how to password-protect web site directories, and mastering how to configure Apache to serve up multiple web sites from a single web server, yours.
Preventing Display of Web Site Directories With No Default Web Page. As delivered by Apple with your new Mac, the default Apache configuration tells your web server to display a directory listing of any web site directory that does not have a default web page (index.html or index.php). That means that, if you create subdirectories below /Library/WebServer/Documents, the contents of each one will be shown to any visitor that guesses the name of the directory. If you happen to have your tax returns stored there, you see the problems this might cause. To demonstrate what I'm talking about, let's create a directory and then access it with a web browser. Open a Terminal window and switch to root access: sudo su. Now create a directory called emrem under your main web site: mkdir /Library/WebServer/Documents/emrem. Switch to your web browser and access the new site: http://localhost/emrem/. See what I mean. If you had filled emrem with documents, they would be accessible to anyone on the Internet. The same default applies to your personal web site at http://localhost/~username and subdirectories created in your Sites folder. For security's sake and your own peace of mind, I prefer defaults which specify that the contents of directories not be displayed unless you expressly authorize it. So here's how to fix it. Switch back to your Terminal window with root access. Move to the Apache configuration directory: cd /etc/httpd. Now let's edit the Apache config file carefully: pico httpd.conf. Search for the word "indexes": Ctrl-W, indexes, then enter. We're looking for every line in the config file that begins with the word "Options" and contains the word "Indexes." This probably won't apply for the first match of the word "Indexes" so move the next occurrence of the term: Ctrl-W then enter. You should get a match on this one. Position the cursor under the "I" in Indexes and press CTRL-D until the entire word is deleted. Then search for the next match, and repeat the drill until you get to the bottom of the file. Now save your changes: CTRL-X, Y, then enter. Now stop and then restart Apache for your changes to take effect (covered in our Apache tutorial). Then access http://localhost/emrem/ again, and you should get an access denied message.
Password-Protecting Web Site Directories. There also will be times when you want to build web sites on your server which are available over the Internet, just not to everybody. The easiest way to accomplish this is to prompt for a username and password to log in to certain sites before any access is provided. Apache handles this for any web browser, but you first have to enable it. Then you need to build a password file and store it where Apache can find it, but your web site vistors cannot. And finally, we need to insert an .htaccess file in every directory that you want to password-protect for Internet access.
Configuring default htaccess file. To get started, Ctrl-Click here and Download the Linked htaccess File to your Desktop. Do not save the file with a leading period in the file name. We'll do that later. Open Finder, click on your local hard disk, and navigate to the /Library/WebServer folder. Now Click-And-Drag the htaccess file on your Desktop to the /Library/WebServer folder. Close your Finder window, and then open a Terminal window. Switch to root user access: sudo su. Provide your admin password if prompted. Now we want to clean up the ownership and permissions for our sample htaccess file so move to the directory where we put the file: cd /Library/WebServer. Make root the owner of the file: chown root htaccess. Make admin the group for the file: chgrp admin htaccess. Now set the file permissions for world read access only: chmod 774 htaccess.
Configuring Apache for Password-Protected Directories. Now we have to configure Apache so that we can password-protect directories. The default Apache configuration would ignore our .htaccess file. Using your Terminal window with root access, move to the Apache configuration directory: cd /etc/httpd. Now let's edit the config file carefully: pico httpd.conf. Search for the word ".htaccess": Ctrl-W, .htaccess, then enter. This will position the cursor on a comment about using .htaccess files to override Apache settings. Immediately below the comment is a line which begins with the word "AllowOverride." We want to replace the word after AllowOverride with the word "All" (without quotes). Move the cursor to the beginning of the word to be deleted and press Ctrl-D until the word is deleted. Then type All. Save the config file: CTRL-X, Y, then enter. Now stop and then restart Apache for your changes to take effect (covered in our Apache tutorial).
Building a Password File. The password file is where Apache looks to determine whether one of your web site visitors (including you) is allowed access. There are a couple tricks to this. First, you want to put the file where Apache can read it, but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the password are encrypted. Here's how to do it. Open a Terminal window and switch to root access: sudo su. Now let's move to the directory where we'll put the password file: cd /usr/local. We're going to name our password file users.pw to match the htaccess file that you already downloaded. To create the file and erase any existing file without warning type: htpasswd -c users.pw admin. Think up a password you can remember, and you'll be prompted to type it twice. Now let's verify that the file was created: cat users.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to your existing file, just type: htpasswd -b users.pw username password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful.
Password-Protecting A Directory. The way you password-protect a given directory on your web site is to copy the htaccess file we downloaded earlier into the desired directory, and name it .htaccess (with a leading period). So let's try it. Move to the nerd directory we built previously: cd /Library/WebServer/Documents/nerd. Now copy the htaccess file into the directory: cp /Library/WebServer/htaccess .htaccess. Close your web browser and reopen it to http://localhost/nerd/ and you should be prompted for a username and password. Type in admin and the password you made up, and you should be admitted. If you're not prompted for a username and password, you probably forgot to restart your Apache web server after updating the Apache config file. If you can't get in with the the username and password you thought would work, just recreate the file, and try again. Suppose you change your mind and want to remove password protection from a directory. Switch to root access with Terminal: sudo su. Move to the directory: cd /Library/WebServer/Documents/nerd. And then delete the .htaccess file: rm .htaccess. You may have to change our browser and reopen it for the changes to take effect.
ISP-In-A-Box: The $500 Mac mini (Chapter IX, Building a Data-Driven Web Site: Part II)
Yesterday, we installed a data-driven web site on your new Mac mini as part of our ISP-In-A-Box project, but it was the contents of my web site (see inset). So today, let’s finish your site by filling it with your content. First, we’ll cover replacing the Nerd Vittles image (see inset) with either your own photo or Google Ads. Then I’ll give you a brief tutorial on the structure of this data-driven web site and how to modify it with PhpMyAdmin. And you’ll be off to the races.
If you’re new to the computing world and short on money, one of the must-have photography tools for your new Mac or PC is Photoshop Elements. Lucky for you version 3 has just been released. But, if you don’t have $70, not to worry. You can get version 2 which runs on both the Mac and PC platforms (same CD) for about $20. I still use version 2. Works great! Just a little less (ful)filling. To replace the Nerd Vittles image in the web site, just create your own image (728 x 90 pixels), Save For Web as a JPEG image, and name it nerd.jpg. Now drag it into the /Library/WebServer/Documents/nerd folder and replace the existing nerd.jpg file. Refresh your browser display at http://localhost/nerd to see your finished product. Take a look at the one we did for our home page at mundy.org if you need ideas. Or, if you’d prefer Google Ads (see sample site), then edit index.php in /Library/WebServer/Documents/nerd folder using TextEdit, search for nerd.jpg, and delete everything between the CENTER codes surrounding it. Now paste your Google 728 x 90 Leaderboard ad code between the CENTER codes to complete your page. Save the document, and you’re all set.
Now let’s customize your new web site with your own content. First, take a look at the site as it looks today. Use http://localhost/nerd if you’ve already completed Part I. Otherwise, just look at mundy.org. There are four columns of site links: a favorites column on the left and three others which are subdivided into topics. As already mentioned, all of the data to generate this site is stored in a single MySQL table. So, to change the content, all we have to do is edit the MySQL table and plug in your own links. The only trick to this is an organizational one. Before beginning the editing process, you need to lay out on paper what site links you want to include on your web site. You probably don’t want my kids’ email links. In laying out your site, you also need to come up with the categories into which you will place your various site links. Also keep in mind that you can have just over a dozen favorites in the left hand column, and the remaining columns all need to have approximately the same number of site links. Fifty is a pretty good ballpark number for site links in each column, and those should be subdivided into about four topics per column. You can always start with less and add more later. Just divide them up evenly so they can be spread across three columns. If you haven’t figured it out yet, this is the hard part. Making the adjustments to the MySQL table using PhpMyAdmin is pretty easy. Once you finish this project, I hope a few of you will be brave enough to post a comment below with a link to your site so we can all take a look and give you a little friendly feedback.
While laying out your site on paper, you should have come up with the subheadings for each section, and you should have defined which sections will go in which column and in what order. Now let’s number the columns (1 through 4) and the subheads in each column starting with 1. You can start the subhead numbers over with 1 in each new column. Finally, number the site links in each category starting with 1. If you have more than 9, use the alphabet after 9. Then start the site links over with 1 for each new subhead. On another piece of paper, let’s make a chart with seven column headings: Web Site Name (subject), Web Site Address (url), Description (comments), Column Number (category), Subhead Sequence Number (majorsort), Subhead Title (majorcateg), and Sort Sequence within Subhead (sortcode). The headings in italics are the actual field names in the MySQL website table. The headings in bold identify what information goes there. Having a description for any or all entries is optional. The other fields all are required. Now fill in the chart with your information. And, yes, I know the field names could have been more helpful, but the margaritas sure were good the night I originally designed this. Now, just so you’ll know, when index.php builds your data-driven web site (on the fly), it sorts all of the information in the website table by column number (category), then subhead sequence number (majorsort), then subhead title (majorcateg), then sort sequence within the subhead (sortcode). The only real gotcha is to make sure all of your subhead titles (majorcateg) are the same within a given subhead sequence number (majorsort), or you get extra subheadings in your page. It’s still no big deal. Just edit the table again to fix it.
Now that we’ve got our data squared away, let’s open PhpMyAdmin and get started: http://localhost/php/. Click on the Database pull-down in the left frame and choose mundy. Now click on the website table under the mundy database. Information associated with the Structure tab of the website table should appear in the right frame. Let me just note here that there is a bug in the frame code of PhpMyAdmin that causes the right frame to open in the left frame once it awhile. That doesn’t work too well because there’s insufficient real estate in the left frame to see what you’re doing. Don’t get frustrated if this happens. Just close the PhpMyAdmin browser window and then reopen it, and all will be well.
Once the structure frame appears in the right frame, we’re going to build a quick index so you can see how the data actually lines up in the website table to match our current web site. Look in the Indexes section of the right frame and find the line that begins: Create an index on 1 columns. Click on the numeric field (with the 1) and change it to a 4. Then press the Go button. Name your new index MyIndex. Leave the index type set to Index. Then use the four pull-downs to specify the index fields in the following order: category, majorsort, majorcateg, sortcode. Now click the Save button. You should now see your MyIndex index in the listing of indexes. Make sure the index order is correct. If not, click the red X beside MyIndex to delete it, and try again. Now click on the Browse tab at the top of the right frame to bring up the table browsing window. Just above the data is a line which reads: Sort by key. Click on the pull-down, choose MyIndex (Ascending) and click the Go button. The website table should now be sorted in the same order as the display of web links on the actual web page at localhost/nerd. Using the tab feature of your browser, you can flip back and forth between the web site and the website table to verify that they do, indeed, match. Notice also that the first three records have the same sortcode. This is an easy way to adjust the placement of a newly added entry (to move it further up your list) without having to renumber every entry. The last thing we want to do before we begin editing the actual table is to expand the table display to include all of the records in our file. Just above the table data is a line which reads: Show: 30 rows starting from record # 30. Change the first 30 to 300, and change the second 30 to 0. Then click the Show: button. Now the entire website table is displayed just as it appears on your current web site. As you make changes to your web site now, my advice is add or change a few records at a time, and then refresh your web page and make sure it looks and works the way you expected. A tabbed browser is great for this exercise by the way so kiss Internet Explorer goodbye (if you haven’t already).
You have two choices now. You can either delete some or all of the existing records and then insert new records of your own, or you can edit the existing records to replace the existing content with your own data from your chart. I’d recommend the latter at least until you know what you’re doing. To edit a record, click on the Pencil icon just to the left of the red X for the record you want to edit. To delete a record, you click on the red X. If you leave the existing records, then you won’t have to worry about the majorsort, category, and sortcode fields for the time being. And don’t ever change the recno (record number) field which must remain unique. Just change the majorcateg data to match whatever subheads you have chosen for your own web site, and plug in your own data for the subject, url, and comments fields. Once you’ve made your changes to a record, click the Go button to save your data and move back to the table browser window. Wait until you have finished editing and deleting existing rows in the table before you add new ones because clicking on the Insert tab clears the settings for your table browser window. When you’re ready to add new records, just click on the Insert tab at the top of the right frame. Leave the recno field blank, and MySQL will automatically fill it with a new, unique sequence number. Click the Go button to save your new record once you fill in the information for each field. That’s all there is to it. Enjoy your new web site … and let us all know where to go look for it!
Free Asterisk Solutions
