Snow Leopard Server upgrade hoses Apache config

I recently upgraded an Xserve running Mac OS X Server from 10.5 (Leopard) to 10.6 (Snow Leopard). The upgrade was mostly uneventful, except for the web server configuration. We have a lot of manual changes (two instances of Plone using mod_rewrite, some local directories that are served up as is, and user directories). This is a rundown on the changes I had to make after the upgrade was complete to restore web service.

As part of the upgrade, Snow Leopard Server runs a script that reads the Apache config files and tries to bring them into compliance with the default configuration under Snow Leopard. The result of all the configuration munging (for all services) can be found in /Library/Logs/Setup.log. I found several problems with the changed Apache configuration. Kindly, the configuration munging script leaves unmodified copies of all the files it modifies with the suffix “.saved-Pre-SnowLeopard-unmodified”, so it is straightforward to diff the old configuration with the new one to see what changed.

First, mod_userdir was commented out in httpd.conf, preventing “~username” URL rewriting. Snow Leopard also adds an “mod_apple_userdir” (which supposedly improves security of this feature [PDF]), but also left that disabled. So by default, “~” URLs just stop working, with no notification beyond a bullet point in one of the supplemental PDFs. This is poor form, IMHO. I ended up re-enabling mod_userdir.

The next problem was the configuration file munger decided to remove all RewriteRule lines from each of the virtual host configurations. Obviously, this broke many things, but it was easy enough to copy each line back from the original configuration.

Even after fixing those issues, web service wasn’t working properly. I noticed that there was a “0000_any_80_.conf” configuration in the “sites” subdirectory (in addition to “0002_any_80_.conf”), which wasn’t being used in Leopard, but appeared active in Snow Leopard. I moved this config to the “sites_disabled” directory, and that made things much better. I’m not sure if this was some vestige of an upgrade from Tiger to Leopard, but it was causing problems.

Finally, the config munger added “ServerAlias *” to my first virtual host configuration (prefixed with “0000”). While this might be appropriate if this was the default host, as a virtual host it grabbed all URLs and prevented them from matching virtual hosts with later sequence numbers. Removing this line fixed the last issue (which was that all requests went to the first virtual host).

Admittedly, Apple faces a difficult proposition in performing automated server OS upgrades. Many of the OS services are based on industry standard open source packages that overwhelmingly use custom text configuration files. Advanced administrators will frequently want to edit those files by hand to install  3rd party open source packages that build on those services. But Apple also provides GUI tools to make things easier, tools that must read and write the configuration files. This leads to the desire to keep the configuration files canonicallized for easier parsing. So at the end of the day, some poor engineer has to write an upgrade script to read all these (possibly arbitrarily modified) configuration files and bring them into line with the versions that ship with the new OS version.

That said, it seems like the upgrade scripts could do a better munging job. Turning off modules is uncool, as is dropping lines from the config on the ground.


3 thoughts on “Snow Leopard Server upgrade hoses Apache config

  1. Robert Brewer Post author

    We had enough customizations that I didn’t want to do a clean install. Besides, Apple provides a way to upgrade an existing server, so it should work.

  2. Piersi65

    I installed WordPress on a mac mini with Snow Leopard Server, but I can not install updates because WordPress can not find the folder “wp-content”.
    I set the permissions read / write to all folders that contain WordPress.
    How can I do?
    Thank you.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s