• Tech

    How to replace PHP on OS X Server 5.x with PHP via Homebrew

    The version of  PHP on OS X Server 5.x is v.5.3.x. As of this writing, the current distro of PHP on Homebrew is v.7.4.12. You will lose the ability to control PHP loading from the GUI.

    To prep, you should have prepared a phpinfo.php file on your website in an orphan directory so you can check all the modules that load with PHP. It is simply a text file with the name phpinfo.php and the content is:

    phpinfo();

    Don’t worry if PHP is currently running.

    Install PHP via Homebrew:

    brew install php
  • OS X Server Globe
    Tech

    [OS X Server 5.x] httpd.conf location

    The httpd.conf file controlled by the Server.app is stored at

    /Library/Server/Web/Config/apache2/httpd_server_app.conf

    If you happen to update PHP or other Apache modules through non-Apple methods (e.g. homebrew), then this is where you add your LoadModule and FilesMatch arguments.

    You MUST restart the web server through the Server.app for changes to load. apachectl graceful will not load the changes in httpd_server_app.conf.

    #This article is in response to “Update PHP on OS X Server 5.x”.

  • Lets Encrypt & Certbot
    Tech

    Certbot, HTTPS, and Timeout Error

    If you use Let’s Encrypt as your SSL certificate authority, it is paramount that you implement an automatic certificate renewal procedure.

    Very helpful tutorial from Mac Strategy – How To Setup Let’s Encrypt For OS X / macOS + Server 5.x

    When setting up or renewing your SSL certificates, you may encounter a problem with certbot giving you the following error:

    Timeout, https://www.example.com (http-01):
    urn:acme:error:connection :: The server could not connect to
    the client to verify the domain 

    This may be happening if you ONLY have the HTTPS version of your website configured OR if you use http::REDIRECT to redirect to HTTPS without letting the GET request connect to a HTTP version of your site.

    certbot, as default, can only validate your website via HTTP on port 80. The easiest solution would be to provide an HTTP version of your website. This may be less than ideal for many setups where port 80 is inundated with DDoS attacks – so it seems.

    In reality, if port 80 is served by the same software that serves port 443, having port 80 open does not increase the amount of risk. Rather, it is a reminder that one should not rely on the illusion that HTTPS alone will prevent a hack. Your website design should be more resilient in that it would protect against ALL web based attacks.

    A message from Let’s Encrypt regarding Port 80: Best Practice – Keep Port 80 Open

    So open up port 80, setup your webserver to answer to HTTP requenst, and renew your Let’s Encrypt SSL certificates using certbot. And go add some security features to your website while your at it.

    For WordPress sites like this, you can use the WP Force SSL plugin to reroute all HTTP request to HTTPS via script. That means, any non-Wordpress request like certbot’s will be processed via HTTP.

  • Tech

    Squirrelmail: Attachments download as “download.php” when using 2-byte interface

    Symptom

    When downloading an attachment from the Squirrelmail webmail interface, the downloaded file’s filename remains as “download.php” instead of being renamed to the correct filename. This only happens when a 2-byte character language interface is selected from “Options > Display options”.

    Cause

    When using a 2-byte language interface, the encoding and decoding of the attachment filename is passed through the i18n.php logic. The particular code detects the users’ CPU platform and passes along the decoding to a function accordingly. The code in “functions/i18n.php” has an error where the CPU detection string uses “Mac_” instead of “Mac”. “Mac_” only applies to MSIE. It is very likely that the programmers of i18n.php has only tested this code using MSIE and not Safari or a Mozilla variant.

    Solution

    Edit “functions/i18n.php” around line 630. Change:

    strstr($useragent, 'Mac_') !== false) {
    to
    strstr($useragent, 'Mac') !== false) {
    *** This method has not worked consistently throughout version updates. Please make a backup of the original file before proceeding. ***
  • Uncategorized

    Mojibake with Japanese Filenames

    Japanese filenames will cause MOJIBAKE in squirrelmail when POST is used through PHP. You will need to make the following changes to php.ini on a new server.

    mbstring.language = Japanese

    mbstring.http_input = auto

    You may also force, if you wish:



    mbstring
    .internal_encoding = EUC-JP

    but, it is not necessary to do so.