Passenger, Virtual Hosts and permissions on a Mac
It doesn’t work like it says on the tin
I thought I’d document this because it drove me insane.
I installed Passenger and ran the commands you’re supposed to and it all seemed to be working.
I’ve configured this lots of times on Ubuntu with no problems. The Mac has a slightly different take on things, so I put the passenger config in /private/etc/apache/other/passenger.conf and there’s already a Virtual hosts file in /private/etc/apache2/extra/httpd-vhosts.conf.
So I put the configuration for my lovely Rails site and pointed it at a directory in my home. So what did I get back from Apache after this change?
You don't have permissions to access / on this serverI also got this when I just tried to get to localhost. Hmmm.
Problem solving part 1
- Put everything back the way it was
- Reintroduce the changes one at a time
- When you know what change caused the problem, play with it until it goes away – if only you could give problems nice cakes and ask them to leave.
Put Apache back and turned off virtual hosts. Then I got the classic Apache it works! message. Good.
Turned on passenger and then v-hosts but had no hosts in the file. It works again. Good.
Put one host in the file that pointed to my directory with just an index file in. It breaks, even localhost is broken.
Stroke the chin
I stroked my chin for a while and then had a brain wave (after looking at the working Ubuntu setup). Created a virtual host entry (the file on the Mac helpfully says that the first virtual hosts entry is used for all requests that don’t have a server name). This entry just has the same DocumentRoot as the main Apache config and no server name setup. Now we get it works! for localhost.
Even more stroking chinwards
I noticed that Apple helpfully create a directory called Sites (why upper case? leave that for another day). I put this into my document root for the virtual host I was trying to create, with a simple index file that says “hello”. It worked.
Moved it to another directory in my home. It didn’t.
What?
I ran the ls -l command (finder just doesn’t cut it GUI people) and got this:
drwx------+ 4 francisfish staff 136B 29 Mar 20:28 Desktop/
drwxr-xr-x+ 6 francisfish staff 204B 2 Apr 16:33 Sites/
drwxr-xr-x 2 francisfish staff 68B 2 Apr 18:09 devwork/missed out lots of stuff for brevity.
Notice the cheeky little ‘+’ next to Sites? The manual pages for ls helpfully say that the + means there is extra security information, possibly an access control list. I still haven’t worked out how to show this information, either in Finder or the command line, but at least I now know it’s there. The manual claims that the flag @ will give this info – if it does it makes it the same colour as the background. Leave that for another day.
This isn’t the same as the Unix sticky bits, oh no, I know about them and they made no difference, neither did giving write access to the world on the devwork or project directories.
Moved the devwork folder underneath the Sites one and it started working.
Is this really a solution?
Frankly no. I’m working for someone who has provided me with an identical MacBook Pro. Set this up yesterday it worked first time. Will have to compare the machines and think about it. Need to find out how the hell you look at these access control lists. Might be because I’m running File Vault on my own machine, but if it is then the Sites directory shouldn’t work either.
In any event, at a pragmatic level, after wasting most of a working day, I can now do what I wanted to do this morning. All is well.
