theGuide  

Updated Aug 30, 2009 by rob....@gmail.com

A step-by-step guide to successfully building your .mac replacement.

Introduction

This document details all steps to take for successfully building your .mac replacement.

The staircase

Step 1

Set up your server

Set up a basic Linux/Unix server; configure its hostname and IP address. Install Perl. Either install a build environment, or fetch precompiled packages for Apache httpd here (available shortly). If you decide to compile your own Apache httpd server, fetch the source code and the (Patches) quota patch (from this site), then patch, configure and compile. Install Apache httpd.

Any OS specific notes can be found here

Step 2

Configure your webserver

Fetch the code/folders (here) from svn. All code (/server) assumes it will end up in /var/www/dotmac/. Keeping that location guarantees a minimal configuration effort.

A special .conf file is provided (here) in addition to your standard httpd.conf. This file ((Configuration) dotmac.conf) must be edited; in particular, the IP address for your SSL host needs to be specified. In most Linux distros it should end up in /etc/httpd/conf.d or /etc/apache2/conf.d.

Step 3

Set up your scripts

mod_perl needs to be installed with your webserver. mod_perl is available as a package for most popular Linux distributions.

  • All folders except ./dotmac/private should be owned by the user/group apache runs as (nobody, apache, www-data).
  • ./dotmac/private contains both server certificates and the .htdigest (user/password) databases for admins and users.
  • ./dotmac/private/iDiskUsers should be writable by the user/group apache runs as.

The Perl modules have a few dependencies; they're easily installed from CPAN:

perl -MCPAN -e 'install HTTPD::UserAdmin'
perl -MCPAN -e 'install MD5'
perl -MCPAN -e 'install XML::DOM'
perl -MCPAN -e 'install HTTP::DAV'
perl -MCPAN -e 'install XML::LibXML'

Note: For XML::LibXML to compile, you will need to make sure that the development package for libxml2 is installed.

Step 4

Setting up hosts on your client machine(s)

www.mac.com
syncmgmt.mac.com
idisk.mac.com
configuration.apple.com
lcs.mac.com
certinfo.mac.com
delta.mac.com
notify.mac.com
publish.mac.com
homepage.mac.com

should all point to your server. You can do this either by editing /etc/hosts on your client machine(s):

###.###.###.### www.mac.com syncmgmt.mac.com idisk.mac.com configuration.apple.com lcs.mac.com certinfo.mac.com delta.mac.com notify.mac.com certinfo.me.com publish.mac.com homepage.mac.com
###.###.###.### www.mac.com. syncmgmt.mac.com. idisk.mac.com. configuration.apple.com. lcs.mac.com. certinfo.mac.com. delta.mac.com. notify.mac.com. publish.mac.com. homepage.mac.com. certinfo.me.com.

or by setting up your own DNS server.
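A quick way to confirm the /etc/hosts edit above took effect on a client, as an added example that is not part of the dotmac project: the script reports every hostname from the guide's hosts line, in both the plain and trailing-dot form, that is missing or points at another address. The helper name `missing_dotmac_hosts` and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the dotmac project): check that a hosts file
# sends every hostname from the guide's /etc/hosts line to your server.
DOTMAC_HOSTS="www.mac.com syncmgmt.mac.com idisk.mac.com configuration.apple.com lcs.mac.com certinfo.mac.com delta.mac.com notify.mac.com certinfo.me.com publish.mac.com homepage.mac.com"

# missing_dotmac_hosts HOSTS_FILE SERVER_IP   (hypothetical helper name)
# Prints every required name, in both the plain and the trailing-dot form the
# guide lists, that is absent or whose first entry points somewhere else.
# Exit status is 0 only when nothing is printed.
missing_dotmac_hosts() {
    awk -v ip="$2" -v want="$DOTMAC_HOSTS" '
        BEGIN { n = split(want, names, " ") }
        {
            sub(/#.*/, "")                      # strip comments
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (!(h in addr)) addr[h] = $1  # keep the first entry per name
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (addr[names[i]] != ip)     { print names[i];     bad++ }
                if (addr[names[i] "."] != ip) { print names[i] "."; bad++ }
            }
            exit (bad > 0)
        }' "$1"
}

# Constructed sample: one stale entry ahead of the guide's first line, and the
# trailing-dot line left out. 192.0.2.10 stands in for your server.
sample=$(mktemp)
cat > "$sample" <<EOF
127.0.0.1   localhost
192.0.2.99  idisk.mac.com      # stale entry
192.0.2.10  $DOTMAC_HOSTS
EOF
echo "Names not reaching 192.0.2.10:"
missing_dotmac_hosts "$sample" 192.0.2.10
rm -f "$sample"
```

On a real client, call `missing_dotmac_hosts /etc/hosts` with your server's address; an empty result means every name is overridden.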

Step 5

Create your first user(s)

A skeleton is provided for new users; create /var/www/dotmac/username, and copy everything in /var/www/dotmac/skel/ to /var/www/dotmac/idisk/username/

For testing purposes, a test user has been provided: login/password testuser/dotmac

dotmac.conf has been completely rewritten in Perl. It automatically creates (.conf) locations for users, with quota specified.

This requires the use of idiskAdmin: http://configuration.apple.com/idiskAdmin

idiskAdmin is password protected (login/password admin/dotmac); users should change these credentials as soon as possible:

htdigest /var/www/dotmac/private/iDiskAdmins idisk.mac.com admin

For now, idiskAdmin just sets/edits quota and username/password; the skeleton still needs to be copied by hand. New users/changes will be reflected upon server restart (graceful).
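To confirm that the shipped admin/dotmac and testuser/dotmac credentials are really gone, the following added example (not part of the dotmac project) scans an .htdigest file for entries whose stored digest still matches the default password. The helper names `ha1` and `default_password_users` and the sample user alice are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the dotmac project): list .htdigest entries that
# still carry the guide's default password. An htdigest line is
#   user:realm:MD5(user:realm:password)

# ha1 USER REALM PASSWORD -> the hex digest htdigest would store
ha1() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
    else    # assumption: openssl is installed where md5sum is not (e.g. macOS)
        printf '%s:%s:%s' "$1" "$2" "$3" | openssl md5 | sed 's/^.*= *//'
    fi
}

# default_password_users FILE [PASSWORD]   (hypothetical helper name)
# Prints "user realm" for each entry whose digest matches PASSWORD
# (default: dotmac). Exit status is 1 if any entry matched, else 0.
default_password_users() {
    pw=${2:-dotmac}
    found=0
    while IFS=: read -r user realm digest || [ -n "$user" ]; do
        [ -n "$user" ] && [ -n "$digest" ] || continue
        if [ "$(ha1 "$user" "$realm" "$pw")" = "$digest" ]; then
            printf '%s %s\n' "$user" "$realm"
            found=1
        fi
    done < "$1"
    return "$found"
}

# Constructed sample file: admin still on the default, alice already changed.
sample=$(mktemp)
{
    printf 'admin:idisk.mac.com:%s\n' "$(ha1 admin idisk.mac.com dotmac)"
    printf 'alice:idisk.mac.com:%s\n' "$(ha1 alice idisk.mac.com 'constructed-passphrase')"
} > "$sample"
echo "Entries still using the default password:"
default_password_users "$sample"
rm -f "$sample"
```

Run `default_password_users` against /var/www/dotmac/private/iDiskAdmins and /var/www/dotmac/private/iDiskUsers; the realm is read from each line, so no realm needs to be supplied.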

Step 6

Check(s)

By now you should be able to k (from the finder on a client machine) to http://idisk.mac.com/username (if not, try looking at your apache error logs, and adapt your configuration)

This is to be repeated for all (new) clients:

  • Point your (Safari) browser to https://idisk.mac.com/username. You will be challenged with an untrusted certificate; this is actually the certificate you do want to trust.
  • Examine the certificate, and drag the icon of the certificate to your Desktop (or any folder of your choice).
  • Open /Applications/Utilities/Keychain Access and, if necessary, tick the button 'Show Keychains' at bottom-left. By now you should see a menu 'Keychains' in the top-left. Tick the 'login' entry.
  • Drag the certificate (from wherever you put it when dragging it from your browser) into the pane where all other certificates reside.
  • Locate it (in the pane) and double-click it. Change the trust settings to 'always trust'.
  • After logout/login, check (by pointing your browser to https://idisk.mac.com/username) whether the certificate is trusted. If so... you're done!

Enjoy the magic when choosing your .mac preferences pane from your System Preferences!

Looking over the edge

Current status

10.4 "Tiger"

  • .Mac prefpane
  • iSync support
  • iDisk
  • iDisk sync
  • Backup

10.5 "Leopard"

  • .Mac prefpane
  • iSync
  • iDisk
  • iDisk sync
  • Backup

(note - currently there's no interoperability between 10.4 and 10.5 sync clients)

Operating Systems Verified

Users have reported the following operating systems as working:

  • CentOS 5
  • Fedora Core 5, 6, ..., 10
  • Debian 'etch'
  • Ubuntu 'Edgy Eft' (6.x), 'Feisty Fawn' (7.x), 'Hardy Heron' (8.x)
  • FreeBSD
  • Solaris 10
  • Leopard Server
  • NSLU2 (with some tweaks)

please continue reporting!

Updates for the binary release (0.5)

Some files were edited after the binary release, so these have to be updated by hand:

Global Hints

  • A common pitfall seems to be the SSL host. Due to the nature of Apache HTTPd SSL hosts, it's not possible to use Name-Based Virtual Hosting to identify different SSL hosts. Some Linux distros configure an SSL host upon installing Apache; this host needs to be deleted to enable ours. If you need more SSL hosts, you either need to use separate IP addresses for different SSL hosts, or (DNS) alias the new hosts within ours. (In the latter case, edit ./dotmac/private/extensions to your needs, and use signKey.sh to create a new certificate.)
  • Our virtual hosts on port :80 are Name-Based Virtual Hosts. If you need to specify more, you might want to have a glance at the Apache Manual.
  • Perl modules are only compiled (once) at server startup. When updating Perl modules over svn, make sure to issue an (apachectl) graceful/restart.
  • Do use the Issues tab; both users and developers are helping each other out there.
  • The certificate we ship has expired. You can create a new certificate by running the script 'signKey.sh' in /var/www/dotmac/private (don't forget to restart Apache afterwards). Running this script will enable all dotmac hosts we use (from the file 'extensions'). Good practice would of course be to create your own certificate (and to use signKey for enabling the DNS hosts from 'extensions').


Comment by acorre...@gmail.com, Jan 20, 2008

It would be nice to have minimum hints about configuring BIND9 to spoof dotmac's domains without breaking access to all the rest of apple's domains.

I think BIND9's install and setup as a caching server is already well described out there, just to save time by making a quick guide focused on dotmac's particular setup.

Thanks and congrats for your work!

Comment by ryans...@gmail.com, Jan 30, 2008

Setting up BIND to do this would not be difficult. Set up a normal caching server, but in your named.conf create master zones for example like www.mac.com or configuration.apple.com (rather than mac.com or apple.com) and then just put a single A record pointing to dotmac in that zone.

Comment by jea...@gmail.com, Feb 13, 2008

To get http://configuration.apple.com/idiskAdmin working on a server with multiple IPs, you need to edit the .conf file, change all the "*:80" to "$dotMacIPAddress:80" and remove the NameVirtualHost *:80 line, presuming you already declare the vhost for your IP.

With minor tweaks like this, it can be made to work on a Plesk-based server rather simply, as long as you give it a dedicated IP address.

Comment by si...@psycholicious.net, Feb 18, 2008

With apache 2.0.x, I needed to skip the DAVSATMaxAreaSize options in the entire setup and remove it from the dotmac.conf in order to make it work.

If you use this on a multi site server by the way, you can just use dotmac.conf as a site conf in sites-enabled/sites-available.

Wonderful project, seems to work very well if you rtfm.

Comment by project member walin...@gmail.com, Feb 18, 2008

@mrsixer - although parts of the solution work without DAVSATMaxAreaSize (setting quota), other parts won't! Backup.app will not work without quota support, nor will the majority of the iLife suite we're currently working on. There is at least one known Apache 2.0.x install with quota support ( from OS_specific_notes )

Comment by jea...@gmail.com, Feb 21, 2008

One problem some people could have connecting to their dotMac servers is that if they're behind a proxy, the proxy will use its own DNS to find the server, breaking the HOSTS change. This is especially prevalent on nanny-like proxies that use look-up tables to block certain sites. Make sure you're not behind a proxy before complaining that you can't connect.

I look forward to the iPhoto/iWeb support. Congratulations on an excellent project.

Comment by bart.j.j...@gmail.com, Feb 29, 2008

It is suggested to install perl MD5 but from CPAN I read this: "The MD5 module is depreciated. Use Digest::MD5 instead."

So it might be useful to adopt Digest::MD5 instead of MD5.

Comment by pendorbo...@gmail.com, Apr 19, 2008

One minor problem I ran into, and the fix:

No matter what URL I tried, my Apache logs showed an error like:

client denied by server configuration: /var/www/dotmac/configuration/idiskAdmin

The fix (found at http://lists.freebsd.org/pipermail/freebsd-questions/2005-October/101002.html) was to remove the following bit from elsewhere in my Apache configuration. I use Gentoo which tends to spread its Apache config all over creation. In this case, the offending bit was in /etc/apache2/modules.d/00_default_settings.conf

Just commenting this out & restarting made things start working:

<Directory />
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

Comment by norc...@gmail.com, Apr 22, 2008

Woh! This really works very well, good work!

It was only an hour setting up, but had some problems in the progress on Debian etch:

  • Some of the Perl install commands failed, fixed by using apt-get instead of the perl command
  • Didn't want to compile Apache, so removed the quota stuff, just like mrsixer above
  • Don't forget to restart Apache after every config change :)

Just donated a little, keep up the good work!

Comment by plawre...@gmail.com, Apr 23, 2008

Nice job guys, this is a great piece of software. Took me a couple of hours to get it running on Debian etch, I may contribute the steps I took to get it working, and the Parallels image I have of it.

I'm looking forward to iPhoto/iWeb/etc support.

Comment by lonewolf...@gmail.com, Dec 5, 2008

It's working great on Leopard but... is MobileMe for Windows supported? If yes, how can I redirect WinXP to my dotmac server (i.e. the equivalent of editing /etc/hosts in Windows)?

Comment by project member kurtzm...@gmail.com, Dec 5, 2008

lonewolf1870: You can find your hosts file in c:\windows\system32\drivers\etc\ on windows. Hopefully everything else works!

Comment by project member kurtzm...@gmail.com, Dec 15, 2008

FYI - It looks like Apple "tweaked" some of the MobileMe features with 10.5.6: http://support.apple.com/kb/HT3248

I noticed that OS X now tries to periodically contact aosnotify.mac.com (which apparently is related to the Jabber protocol which is being used to "push" new mail notifications to the iPhone, but now might also be used on OS X), and m3.mac.com.

Anyone try to decode any of the payloads?

(also, while I'm commenting - I'd love to see the traffic exchange between the iPhone and MobileMe for syncing, which is different from the OS X exchange. If anyone can help out, it would be great!)

Comment by carsten....@googlemail.com, Dec 18, 2008

The server certificate stored in SVN is expired. You need to generate a new one by running signKey.sh and restart Apache.

Comment by Ident...@googlemail.com, Dec 19, 2008

@kurtzmarc: Have a look at http://samj.net/2008/07/apple-iphone-20-real-story-behind-push.html for decoded XMPP-pubsub Messages.

Apple uses openfire as a messaging Platform to its MobileMe-Clients.

Sync differs for Mac-Clients, iPhone and Windows MobileMe Extension. We should overcome this and at least for me it has a higher priority than iLife-Support. I am very interested in Push-Mail-Support, which I currently realize with z-push.

Comment by project member walin...@gmail.com, Jan 1, 2009

@kurtzmarc & IdentDee, try dropping me an email. We are in desperate need for developers here.

Comment by Alkp...@gmail.com, Jan 4, 2009

@walinsky: I'm not a Perl expert but I have strong expertise in C++, Linux, PHP. I might be able to help.

Comment by project member walin...@gmail.com, Jan 9, 2009

@Alkpone try dropping me an email as well

Comment by atonh...@gmail.com, Feb 11, 2009

Hey all, Can I help you with the iphone sync somehow?

Comment by project member walin...@gmail.com, Feb 12, 2009

@atonhawk Try installing from the iLife branch first.. this'll be our starting point for developing iphone sync support. Once you've got that sorted out - try contacting the developers. Kurtzmarc's main focus will lie on iphone sync support.

If/when there's anything you would like to share - try opening a new issue

Comment by lonewolf...@gmail.com, May 12, 2009

One very important question: somebody was able to crack the machine on which I set up the Mobile Me service, I think because of the service itself but I'm not sure.

I used that machine to synchronize passwords, calendars, bookmarks, etc. The question is: is the password synchronization encrypted? I guess (and hope!!!) so, hence my passwords should be safe...

For calendars and bookmarks I think they are not encrypted, but this is not such a big deal.

Comment by zieg...@einklickdruck.de, Aug 18, 2009

Got it working on debian lenny and clients 10.5.7 and 10.5.8.

Comment by StephenD...@gmail.com, Nov 15, 2009

Happy to report system running on Centos 5 server with Snow Leopard 10.6.2 clients. However, I do not know how to patch up Apache 2.2.3 with the ampquotefix.patch and quota.patch since I am NOT a unix guru. I have had to comment out the

# DAVSATMaxAreaSize => "$userquota",

If somebody can give clear instructions how to do that it would be great. Then I might try the Snow Leopard branch - scary.

Comment by gqwil...@gmail.com, Mar 4, 2010

Must enable the following apache2 modules in Lenny: dbd, authn_dbd, rewrite

Comment by mailmanh...@gmail.com, Feb 26, 2012

How would I patch Apache with the ampquotefix.patch and quota.patch?

