macOS Sierra Hates Web Development


Or so you would think, given the number of hoops one jumps through on El Capitan and up versus, I don’t know, any other OS!

The main annoyance, which I first encountered on El Capitan, is how ports 80 and 443 are treated very specially. You simply can’t be trusted with them, so OS X has gone out of its way to make responding to requests on these ports rather tricky. In short, the OS’s firewall rules, which I have not yet found a way to completely circumvent, will not let the host respond on these ports unless the hostname localhost is used. I do not see how that is added security because you typically have to go through a little trouble to get your host to be recognized by other names.

The people who do this a lot are web developers who have a million different projects running on their computer and need to access them all by different server names. You typically do this by adding entries to your hosts file. If you do this in macOS Sierra, you can ping those hostnames and reach yourself, but if you use httpd via Homebrew, or even the built-in one I’m guessing, your Virtual Host configs won’t be picked up if they are listening on port 80.

You’ll have to add a Listen directive to your config that makes the web server listen on other ports, like 8080. Then, you can add a firewall rule via pfctl to redirect requests on port 80 to 8080 and 443 to 4443 by following this great advice in the Run with Port 80 section. Essentially, you’ll create a plist config that runs when the system starts to add the firewall rule. Then in your Virtual Hosts configs, you’ll want to listen on 8080 and 4443, and requests to 80 and 443 will be redirected there so that you can use normal URLs.

Another odd thing web developers will notice on El Capitan and macOS Sierra is that all loopback addresses except 127.0.0.1 have been disabled. Normally the first eight or sometimes the first thirty-two bits of an IP address are reserved for a loopback network so that the later octets can be used for host addresses, allowing you to have more IPs that refer to your computer than you would ever need. You’ll notice that if you ping anything over 127.0.0.1 on the newer Mac OSes, there will be no response. You’ll have to explicitly create an alias from the other loopback IPs to your ethernet adapter with a command like the following:

sudo ifconfig lo0 alias 127.0.0.2 up

Then you can freely refer to this IP like you would normally expect.
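The pfctl redirect and the loopback alias described above, combined in an added example (not code from this post or from the guide it links to): a shell helper that builds pf `rdr` rules bound to `lo0` and a single loopback address, so the redirect never applies to traffic arriving on other interfaces, then dry-runs and loads them. The function names and the FROM:TO argument format are this example's own.

```shell
#!/bin/sh
# Added example: generate and load pf redirect rules for local development.
# Function names and the FROM:TO argument format are this example's own.

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_loopback ADDR: loose check that ADDR is dotted digits starting 127.
valid_loopback() {
  case "$1" in *[!0-9.]*) return 1 ;; 127.*.*.*) return 0 ;; esac
  return 1
}

# rdr_rules ADDR FROM:TO...: print one rdr rule per port pair.
# Each rule is bound to lo0 and ADDR, so traffic arriving on other
# interfaces is never redirected to the development server.
rdr_rules() {
  addr=$1; shift
  valid_loopback "$addr" || { echo "not a loopback address: $addr" >&2; return 1; }
  for pair in "$@"; do
    case "$pair" in *:*) ;; *) echo "expected FROM:TO, got: $pair" >&2; return 1 ;; esac
    from=${pair%%:*}; to=${pair##*:}
    valid_port "$from" && valid_port "$to" || { echo "bad port in: $pair" >&2; return 1; }
    printf 'rdr pass on lo0 inet proto tcp from any to %s port %s -> %s port %s\n' \
      "$addr" "$from" "$addr" "$to"
  done
}

# apply_rules ADDR FROM:TO...: macOS only, needs root.
# Loading with -f replaces the active main ruleset; restore the stock one
# with: sudo pfctl -f /etc/pf.conf
apply_rules() {
  rules=$(rdr_rules "$@") || return 1
  printf '%s\n' "$rules" | sudo pfctl -nf - || return 1  # -n: parse only
  printf '%s\n' "$rules" | sudo pfctl -ef -              # -e: enable pf, then load
  sudo pfctl -s nat                                      # list the rdr rules now loaded
}

# Usage on the Mac (the alias is only needed for addresses other than 127.0.0.1):
#   sudo ifconfig lo0 alias 127.0.0.2 up
#   apply_rules 127.0.0.2 80:8080 443:4443
```

Rules loaded this way last until the next reboot or ruleset reload, which is why the post pairs them with a plist that runs at startup.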

One thought on “macOS Sierra Hates Web Development”

  1. Thank you for writing this; I was pulling my hair out trying to understand why my VirtualHosts were not working; upon my figuring out that Apache was simply not even getting the requests, I was able to search and find your post which finally allowed me to figure out and fix the issue.
