Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Check changes made to Apache's config file Apps
With the release of 10.4, OS X has changed a couple of things important to the Apache Web server. For example, Rendevous is now Bonjour, and there a few changes in the configuration file for Apache. Due to this and a couple of other minor changes, the Apple installer (when doing an upgrade install) writes a new httpd.conf into the /etc/httpd directory.

The problem, of course, is if that if you have customized httpd.conf for anything, you will have lost your custom configuration. In my case, the server was no longer doing SSL and PHP. The installer, thankfully, moves your original file to httpd.conf.user_modified before creating the new one. Because of the changes in the system, though, you cannot just rename the file and proceed -- that configuration file will not work without some changes.

So, to find out how the new and old differ, just do the following in Terminal:
 $ cd /etc/httpd
 $ diff httpd.conf httpd.conf.user_modified
What you need to do to fix things up depends on your customization needs, but diff will show you where the files differ.
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[15,225 views]  

10.4: Check changes made to Apache's config file | 15 comments | Create New Account
Click here to return to the '10.4: Check changes made to Apache's config file' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Check changes made to Apache's config file
Authored by: boredzo on Oct 07, '05 06:57:12AM

I find the output of diff -u easier to read.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: gdurr on Oct 07, '05 07:08:57AM
If you have installed the Apple Developper Tools you also have filemerge which is a graphical application similar to diff.

---
--
Guillaume DURR

[ Reply to This | # ]

TextWrangler's diff
Authored by: hayne on Oct 07, '05 07:25:59AM

And there is also TextWrangler's "Find Differences..."
TextWranger also installs a command-line tool 'twdiff' that can be used instead of 'diff' - it shows the diffs in TextWranger windows.
TextWrangler is free from bbedit.com



[ Reply to This | # ]
TextWrangler's diff
Authored by: jeb on Oct 07, '05 08:57:01AM
I agree, TextWrangler is a great program, and you can't beat the price. I've tried vi and emacs, and am capable in them, but TextWrangler just makes everything so pretty and I don't have to remember nearly as many commands. You should try it out, here's a link.

[ Reply to This | # ]
unified diff
Authored by: sjk on Oct 09, '05 05:00:25PM

I'm impressed. For me, "diff -u" output has always been more machine than human readable.

The "-c" (context) option can be useful when generic diff output isn't enough. And sometimes I prefer using sdiff or wdiff.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: bslade on Dec 28, '05 07:27:14AM
A diff command which was easier for me to read is (on OS X 10.4.3):

diff -iwy --suppress-common-lines httpd.conf httpd.conf.user_modified

Or with the diff options specified in the verbose manner:

diff --ignore-case --ignore-all-space --side-by-side --suppress-common-lines httpd.conf httpd.conf.user_modified

Note the center column. If the arrow is pointing to the left, that means a new line exists on the left, similar for a right pointing arrow.

Ben in DC

[ Reply to This | # ]

10.4: Check changes made to Apache's config file
Authored by: koncept on Oct 07, '05 07:45:24AM

I really hope I am not alone on this issue, but I just have to say that in the past, this issue has really frosted me. So much so, that I don't use the default Apache server any longer and decided to build my own where Apple can't touch it.

It REALLY bugs me when Apple does these updates and don't feel the need to warn that the httpd.conf has been replaced and/or modified. I say this because as mentioned before, many people customize this file to activate PHP and what not, so the results of these patches can bring about some rather problematic security issues. For example, along comes a patch that changes the "Rendezvous" module to "Bonjour", and now your PHP source code being served to your visitors as plain text! Way to go Apple.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: hagbard on Oct 07, '05 12:36:13PM

I've seen this in a panther update. That's almost a criminal offence ! I mean there could have been mysql passwords etc inside those .php that were served as source code !



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: TvE on Oct 08, '05 02:13:55AM

If one cares about security then one would be expected to do at least one of the following:

- read the "list of files" the installer will install
- read about bugs (or none) on eg macfixit forums befor installing an update
- check on a testing server
- run a server as opposed to a client


Specifically regarding the changes in httpd.conf - I am fairly positive that this issue (replacing the file on upgrade) have been around since 10.0.0 so I guess it is common knowledge as well as well documented (on non-Apple sites) for a lot of OS X users



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: Chiwo on Oct 09, '05 05:09:49AM
FWIW, I launch my own Apache like this:
/usr/sbin/httpd -f $HOME/etc/httpd/httpd.conf


[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: koncept on Oct 11, '05 04:58:10AM

Great workaround. Thanks.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: nvdingo on Oct 07, '05 09:00:45AM

the majority of the confchanges that i make reside in a couple of files that i "Include"

all my custom changes are usually just adding directives.

everytime i do an update, i just add back in the includes files in appropriate areas
at the end of the file i add
Include /path/to/vhosts.conf
which contains my VirtualHost directives, including my SSL setup
earlier in the file i add a Include /path/to/php.setup
to reactivate my PHP module

it's annoying to have to do this each time, but it's easier than combing through the two config files looking for changes, i know what configs i need to make it work, and i put them somewhere apple won't know to look, a separate file.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: metafeather on Oct 07, '05 12:33:03PM

As far as I can remember (10.0?) Apple has always provided a place for custom apache directives:

/etc/httpd/users/<login name>.conf

Every time a user account is created in OS X a blank file is created here, and there has always been a directive in the standard Apple apache conf to include all these files, as the last line:

Include /etc/httpd/users/*.conf

Personally all I have ever put in this file is an include directive of my own to where-ever I want to keep my own apache conf e.g.:

Include /Users/<login name>/UNIX/etc/httpd/localhost.conf

Its a shame that some packages edit the apache conf directly when they could also add their own files to the /users/ dir themselves, and this way even if Apple suddenly decide to enable PHP themselves, all that would happen is a warning about duplicate modules in the logs.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: unforeseen:X11 on Oct 10, '05 02:33:25AM

"File Merge" (installed with the Developer Tools) ist also good for tasks like that; good visual implementation.

---
--
this is not the sig you`re looking for.



[ Reply to This | # ]
10.4: Check changes made to Apache's config file
Authored by: merlyn on Oct 10, '05 06:30:51AM

In general, if you have to change a vendor-supplied file, it's best to also maintain the "original" file for easy access as well. Then, when the vendor provides an update, you can do a "three-way" merge, which will generally lead to better results than trying to do a merge by hand.

You tell the three-way merge tool that both your file and the new vendor file are derived from the "common ancestor" of the original vendor file, and the tool can generally pick the right "differences" to place into the merged file. It's pretty slick. (You then save the new "vendor" file as your new baseline, so that a subsequent update is also merged properly by repeating the process.)

Emacs has a three-way merge mode. There's also "merge" at the command-line if you're a CLI-kinda-guy. Perhaps the developer tools also have a GUI three-way merge, but that's the keyword you're looking for.



[ Reply to This | # ]