Part 3: macOS 10.13 High Sierra Web Development Environment
This is an updated version of our prior OS X development series. The newly released macOS 10.13 High Sierra requires significant changes compared to prior releases, necessitating a thorough revamp in the process. The main change is why now use Homebrew's Apache, rather than the built-in version, but it should continue to work on prior OS X versions.
In Part 1 of this 2-part series, we covered configuring Apache on macOS Sierra 10.13 High to work better with your local user account, as well as the installation process for installing multiple versions of PHP. In Part 2, we covered installing MySQL, Virtual Hosts, APC caching, YAML, and Xdebug.
In this Part 3, we will cover getting your site setup with SSL support for this setup.
This guide is intended for experienced web developers. If you are a beginner developer, you will be better served using MAMP or MAMP Pro.
It is often important to be able to test your local site setup under SSL (e.g. https://yoursite.com). There are a few steps that are needed to accomplish this with your Homebrew-based Apache setup. The first step is to make some modifications to your
$ open -e /usr/local/etc/httpd/httpd.conf
In this file you should uncomment both the
ssl_module, and also the include for the
httpd-ssl.conf by removing the leading
# symbol on those lines:
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so ... LoadModule ssl_module lib/httpd/modules/mod_ssl.so ... Include /usr/local/etc/httpd/extra/httpd-ssl.conf
Next we need to change the default
8443 port to the more standard
443 and comment out some sample code. So we need to open the SSL config file:
$ open -e /usr/local/etc/httpd/extra/httpd-ssl.conf
replace it with:
<VirtualHost _default_:8443> # General setup for the virtual host DocumentRoot "/usr/local/var/www" ServerName www.example.com:8443
and replace the
8443 references with
443 and note the commenting:
<VirtualHost _default_:443> # General setup for the virtual host #DocumentRoot "/usr/local/var/www" #ServerName www.example.com:443
After saving this file, you should then open up your
/usr/local/etc/httpd/extra/httpd-vhosts.conf to add appropriate SSL based virtual hosts.
$ open -e /usr/local/etc/httpd/extra/httpd-vhosts.conf
Here you can create a VirtualHost entry for each virtual host that you wish to provide SSL support for.
<VirtualHost *:443> DocumentRoot "/Users/your_user/Sites" ServerName localhost SSLEngine on SSLCertificateFile "/usr/local/etc/httpd/server.crt" SSLCertificateKeyFile "/usr/local/etc/httpd/server.key" </VirtualHost>
In this example we have created the VirtualHost for localhost, but it could be any of your existing or even a new VirtualHost. The important parts are the the
443 port, along with
SSLEngine on and the
SSLCertificateKeyFile entries that point to the certificate we now need to generate.
To get this all to work with Apache, we need to create a self-signed certificate that we have already referenced in the VirtualHost definition.
The following commands will often prompt you for information regarding the certificates. You should fill these in with sensible values, however, the Common Name should match the ServerName entry in your
httpd-vhosts.conf file you just added.
First generate a key and certificate:
$ cd /usr/local/etc/httpd $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Then all you need to do now is double check your Apache configuration syntax:
$ sudo apachectl configtest
If all goes well, restart Apache:
$ sudo apachectl -k restart
tail -f /usr/local/var/log/httpd/error_log, the Apache error log while you restart to see if you have any errors.
Now simply point your browser at
https://localhost. If you are prompted about a self-signed certificate, in Chrome you can hit the
Advanced option on that page and proceed while in Firefox you need to expand the
I Understand the Risks and add as exception. This is due to the fact that the self-signed certificates are not signed by any authority and for this reasons the browsers add warnings about it. Although, since you are the one who created the certificate, you understand it's safe to accept it.