Authentication Status

A Guide to Creating a Web Server on macOS

Back to All Posts

A Guide to Creating a Web Server on macOS

Date:

A Guide to Creating a Web Server on macOS

One of the most rewarding projects for any developer is setting up a personal web server. It provides a sandbox for experimentation and a platform to showcase your work. This very website runs on a local server, and in this post, I'll walk you through the key steps and important caveats of setting one up on macOS...

The Core Components

Our setup relies on a few key pieces of software:

  • Apache: The web server software that listens for requests and serves your website's files. While many use Homebrew's version, I found success using the native macOS Apache located at /usr/sbin/httpd for a simpler, integrated setup.
  • PHP: The scripting language that allows for dynamic content, like processing the contact form on this site.

The Privileged Port Problem

A common hurdle when setting up a local server is dealing with network ports. Web traffic runs on standard ports: 80 for HTTP and 443 for HTTPS. However, on Unix-like systems such as macOS, ports below 1024 are "privileged," meaning only the superuser (root) can bind to them.

Running your web server as root is a major security risk. The standard, secure practice is to run Apache as an unprivileged user (like _www) on non-privileged ports (e.g., 8080 and 4443).

The Solution: Router Port Forwarding

So how do we access our site via standard URLs without running the server as root? While using the built-in macOS firewall (pf.conf) is one option, I found a more direct path using my router's settings.

I configured my Verizon Wireless 5G Home Router to forward incoming traffic from the standard web ports to the high ports my Apache server is listening on:

  • Public Port 80 (HTTP) → forwards to my macOS IP on Port 8080
  • Public Port 443 (HTTPS) → forwards to my macOS IP on Port 4443

The final piece of the puzzle was permissions. To ensure Apache could read the website files without giving it full ownership, I set the permissions to tylerronek:_www. This allows my user account (tylerronek) to easily edit files, while the Apache group (_www) has the read access it needs. The result is a fully functional web server that starts automatically on login.

This approach is great because:

  • It's Straightforward: Using the router's graphical interface can be simpler than editing system configuration files.
  • It's Effective: It cleanly separates the public-facing ports from the application ports, which is a good security practice.
  • It's Stable: Once set, the configuration is persistent and "just works."

Setting up a local server is a fantastic learning experience. It gives you a deeper understanding of the infrastructure that powers the web and provides a powerful platform for your development projects.