Leopard Server Switch Part 1

I think now I’ve got everything in place from the switch to the Leopard server OS, so it is now time to document. If you’re not a geek, ignore the next few posts. 🙂

The first thing I did was make sure I had a backup of my data. I not only had a complete backup of my previous server files, but also the latest backups of the mysql databases for wordpress, etc.

I did a basic install of Leopard server, but excluded extras like printer drivers and language fonts as I didn’t need those. I did make sure to install X11 as it is a requirement for macports which I’ll talk about later. The install went without a hitch, so then it was time to do the updates. There are at least 2 GB of updates after a clean install of 10.5.0 Server that bring it up to 10.5.8.

With all the updates in place it was time to select the services that I want to run on the server. OS X server comes with several loaded out of the box and it is just a matter of enabling them (checking a box) in the Server Admin utility. I started off by enabling web (apache), mysql (wordpress database), mail (for administrative messages), and afp (for file sharing and Time Machine backups). This makes them show up in the left hand pane in server admin and you can now configure them before starting the actual service.

MYSQL

The first thing I did with mysql was setup the root password. This can be done in server admin under the mysql settings. Once the password was in place I dropped to a command line. I first recreated a blank database with the command

mysqladmin -u USERNAME -p create DATABASE

Once the database was created I then imported my backup file with this command

mysql -u USERNAME -p DATABASE < FILENAME.mysql

One thing I noticed with the default mysql settings was it was a bit slow connecting to the database when loading wordpress. I modified the my.cnf file which on Leopard Server is located in /private/etc/my.cnf with the following settings

key_buffer = 384M
max_allowed_packet = 16M
table_cache = 1024
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_type = 1
query_cache_limit = 1M
query_cache_size = 20M

Once these settings were changed to take advantage of the extra RAM in the server the connections were much faster.

Web

Because I wanted to use Apple's Server Admin utility, I wanted to stick with their build of Apache, but you can always download and install your own. I did find Apple's php module pretty limiting though as it was missing a few extensions that wordpress, gallery2, etc needed. Rather than download and configure my own I found a preconfigured module that had everything I needed. To install just leave the default php module unchecked in the web server settings and install the package from the site. Two other apache modules I made sure were enabled were mod_rewrite (for better wordpress urls) and mod_deflate, which enables compression for smaller files to be sent from the webserver.

With those settings in place it was time to setup the various sites I host. You just click on the sites tab in server admin and then the + to add a site. I specified which network adapter the site should use, pointed it to my wordpress directory, disabled file listings for security reasons, and allowed overrides so it would use my .htaccess files that I have setup. I repeated the same steps for each site. With those settings in place I tested my site and it came right up. I had to fix a few paths in the wordpress settings since they had changed locations from my old linux server to a new one, but other than that everything appeared to have worked.

Mail

With google apps now handling my email needs the only thing I needed was to setup the smtp service to deliver server system messages and WordPress messages. I used a similar setup as before by using gmail as a relay. I found another guide that helped with the process. Mirrored below.

You might want to use Google apps mail or Gmail for your outbound SMTP server on your Apple Macintosh running Mac OS X Leopard 10.5.2. Postfix can be configured easily for this and then scripts and applications can send mail outside your Apple computer. There is no need to configure the server portion of SMTP (smtpd), just configure the smtp client. You do not need to create any certificates either. You can use the anonymous ciphers but you will need to validate the Google Thawte certificate presented in the TLS handshake. This post will show how to do it.

First create /etc/postfix/relay_password with the server name, email account name and password as shown below. This configuration works with Gmail accounts as well as with Google hosted personal domain email accounts. It also works with both Google smtp servers shown below. You will most likely need to preface all these commands with "sudo" to gain the needed privileges.

smtp.googlemail.com youremail@gmail.com:yourpassword
smtp.gmail.com youremail@googlehosteddomain.com:yourpassword

Then use postmap to create a .db file.

postmap /etc/postfix/relay_password

Make sure the map is ok with

postmap -q smtp.gmail.com /etc/postfix/relay_password

You will need to retrieve the Thawte Premium Server CA from https://www.verisign.com/support/roots.html.

unzip -j roots.zip
cd /etc/postfix/certs
openssl x509 -inform der -in ThawtePremiumServerCA.cer -out ThawtePremiumServerCA.pem
c_rehash /etc/postfix/certs

Now you are ready to configure postfix. Add these lines to the bottom of /etc/postfix/main.cf

relayhost = smtp.googlemail.com:587
# auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
# tls
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

Test now by using /usr/bin/mail to send an email. You can check /var/log/mail.log to see if it worked without errors. Leopard enables postfix by default. Launchd watches a directory and will start up when the test email is sent.

You may need to let postfix re-read the config files. Use launchctl to stop the process. It will automatically restart and read the config edits.

sudo launchctl stop org.postfix.master
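
As an added example (not part of the mirrored guide or of this post), the shell functions below audit a relay configuration like the one above for two things worth checking: whether SASL credentials can be sent while TLS is only opportunistic (smtp_tls_security_level = may lets Postfix fall back to cleartext and does not verify the relay's certificate), and whether the password map is readable by other local users. The function names and the demo file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Postfix SMTP-client relay config like the one above.

# Effective value of a main.cf parameter (last assignment wins; no continuation lines).
param() {  # usage: param NAME FILE
    awk -F= -v k="$1" '
        /^[A-Za-z0-9_]+[ \t]*=/ {
            name = $1; gsub(/[ \t]+/, "", name)
            if (name == k) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }' "$2"
}

# Print one finding per line; return 0 only when there are none.
audit_relay() {  # usage: audit_relay MAIN_CF
    cf=$1; bad=0
    [ "$(param smtp_sasl_auth_enable "$cf")" = "yes" ] || return 0
    level=$(param smtp_tls_security_level "$cf")
    case "$level" in
        verify|secure|fingerprint|dane-only) ;;
        encrypt) echo "WARN: TLS required, but relay certificate is not verified"; bad=1 ;;
        *) echo "FAIL: smtp_tls_security_level=${level:-unset} permits cleartext fallback"; bad=1 ;;
    esac
    map=$(param smtp_sasl_password_maps "$cf"); map=${map#*:}   # strip "hash:"
    for f in "$map" "$map.db"; do
        [ -e "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] || { echo "FAIL: $f open to group/other ($perms)"; bad=1; }
    done
    return "$bad"
}

# Constructed demo: the page's settings written to a scratch directory.
demo() {
    d=$(mktemp -d)
    printf 'smtp.gmail.com user@example.com:placeholder\n' > "$d/relay_password"
    chmod 644 "$d/relay_password"
    cat > "$d/main.cf" <<EOF
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$d/relay_password
smtp_tls_security_level = may
EOF
    rc=0; audit_relay "$d/main.cf" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

Setting smtp_tls_security_level = secure (the CApath above is then used to verify the relay) and running chmod 600 on relay_password and relay_password.db clears both findings.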

Time Machine

One of the few main reasons I wanted to switch to the Leopard server/xserve, was to allow Time Machine backups over the wireless network rather than having to plug in an external drive to each mac in the house. This was quite easy to setup. I plugged the external drive into the Xserve, enabled AFP service, and setup a share point to the root of the external drive. In the server admin tool go to the share point settings and click Enable as Time Machine backup destination. I created a user on the xserve specifically for Time Machine backups and made sure it had read/write permissions to the drive.

To allow the drive to be seen on the local computer just connect to the drive with afp://ipaddress and mount the time machine share. Now you can go into the Time Machine settings on the computer, click choose backup disc, and the network drive will show up.

This is the end of part 1. This post has taken me longer to complete than I originally thought, so I'm going to put the rest into a 2nd part.
