a few questions for beginner with leopard server

[twoodcc]

so i had a few questions about it:

first, do i really need a static ip address? i know there's that dns site out there, but will it work with leopard server?

also, do i need to pay for a domain name, or can i use the dns site from above for my domain name? (sorry i forgot the web address)

and if i can do these things, my web site with the blog, wiki, and calendar will work from anywhere?

another question: say i have a mac pro and airport extreme. the mac pro has 2 ethernet ports. do i plug the internet into the airport, and then plug the mac pro into the airport? or do i plug the internet into the mac pro, and then from the mac pro to the WAN port of the airport? (hope that makes sense)

thanks in advance

 

[Random Chaos]

1. You should be able to use a dynamic IP without a problem.

2. You will need a domain name (or at least an artificial one for inside a NAT) if you plan to set up everything. For instance, once you set up LDAP, you can't change your domain name (not even the machine name), or it breaks. Found that out the hard way.

3. Yes...that's the whole point of it as a webserver - it's all authenticated logins...well...except the Wiki. The wiki never asks for the password, just the username. No clue why not.

4. Depends how you want your network setup. Do you want a router running NAT for your LAN? If so, you'll have to forward ports to the server if you plan to have it host web stuff. Otherwise you can set up the server as your LAN's DHCP server using the 2nd Mac Pro ethernet port for your LAN. Of course, you could be planning an even more complex setup .

5. Also, don't delete the default SSL certificate...deleting it seems to like breaking the iCal server until you do some manual fixes to tell it to use the new certificate. Nothing in the control panel lets you change it's certificate.

 

[twoodcc]

1. You should be able to use a dynamic IP without a problem.

2. You will need a domain name (or at least an artificial one for inside a NAT) if you plan to set up everything. For instance, once you set up LDAP, you can't change your domain name (not even the machine name), or it breaks. Found that out the hard way.

3. Yes...that's the whole point of it as a webserver - it's all authenticated logins...well...except the Wiki. The wiki never asks for the password, just the username. No clue why not.

4. Depends how you want your network setup. Do you want a router running NAT for your LAN? If so, you'll have to forward ports to the server if you plan to have it host web stuff. Otherwise you can set up the server as your LAN's DHCP server using the 2nd Mac Pro ethernet port for your LAN. Of course, you could be planning an even more complex setup .

5. Also, don't delete the default SSL certificate...deleting it seems to like breaking the iCal server until you do some manual fixes to tell it to use the new certificate. Nothing in the control panel lets you change it's certificate.

thanks for the reply.

so i do want a domain name. the question is: do i have to buy one to have access to my web site? or can i use the dynDNS service for free?

so i'm guessing i'll want to use the airport for the DHCP stuff, since i'm still learning all of this. wouldn't that be the easiest way?

 

[trainguy77]

so i'm guessing i'll want to use the airport for the DHCP stuff, since i'm still learning all of this. wouldn't that be the easiest way?

Use DHCP for the rest of your network. But your server needs a static internal IP. Or the port forwarding will break.

 

[ogee]

I would also suggest that if you have to ask such basic question, you probably shouldnt try to run a server on the internet. You are asking for problems. There are hackers out there who can break in faster than you can recognize a problem.

Im not being nasty,just talking from experience.

Despite Apples "it just works" for the server it doesnt. Its hard to set up unless you know what your doing. After spending several weeks trying, I gave up.

By all means try setting up the server for inside your home office whatever, but dont connect it to the internet until you are 100% sure you know what your doing.

 

[MacPomme]

Hi, my name is MacPomme and I'm an OS X Server newbie.

For what its worth, I've now got OS X Server 10.5.1 running quite well on a G4 Mac Mini in Advanced mode. I found two resources exceptionally helpful:

1. The post by Antonio Rocco about 5 down from the top of this thread: http://discussions.apple.com/thread.jspa?threadID=1251475, and
2. Spending $25 and using the online video tutorials available at: http://movielibrary.lynda.com/html/modPage.asp?ID=373

Rule #1 through 10 of OS X server appear to be get DNS right.

My only question now relates to Software Update Server and "how much" it will really download the first time it is run ...

Hope this helps, OS X Server is worth it with a bit of research first.

Cheers
MacP
http://www.macpomme.com

 

[twoodcc]

Use DHCP for the rest of your network. But your server needs a static internal IP. Or the port forwarding will break.

yeah, i think i've got that now. thanks

I would also suggest that if you have to ask such basic question, you probably shouldnt try to run a server on the internet. You are asking for problems. There are hackers out there who can break in faster than you can recognize a problem.

Im not being nasty,just talking from experience.

Despite Apples "it just works" for the server it doesnt. Its hard to set up unless you know what your doing. After spending several weeks trying, I gave up.

By all means try setting up the server for inside your home office whatever, but dont connect it to the internet until you are 100% sure you know what your doing.

i know what you mean. but i gotta learn somehow, right?

 

[twoodcc]

Hi, my name is MacPomme and I'm an OS X Server newbie.

For what its worth, I've now got OS X Server 10.5.1 running quite well on a G4 Mac Mini in Advanced mode. I found two resources exceptionally helpful:

1. The post by Antonio Rocco about 5 down from the top of this thread: http://discussions.apple.com/thread.jspa?threadID=1251475, and
2. Spending $25 and using the online video tutorials available at: http://movielibrary.lynda.com/html/modPage.asp?ID=373

Rule #1 through 10 of OS X server appear to be get DNS right.

My only question now relates to Software Update Server and "how much" it will really download the first time it is run ...

Hope this helps, OS X Server is worth it with a bit of research first.

Cheers
MacP
http://www.macpomme.com

thanks for the links. i'll check them out

 

[x19]

I would also suggest that if you have to ask such basic question, you probably shouldnt try to run a server on the internet. You are asking for problems. There are hackers out there who can break in faster than you can recognize a problem.

Im not being nasty,just talking from experience.

Despite Apples "it just works" for the server it doesnt. Its hard to set up unless you know what your doing. After spending several weeks trying, I gave up.

By all means try setting up the server for inside your home office whatever, but dont connect it to the internet until you are 100% sure you know what your doing.

I've got to say I can't agree with this mentality. I see it time and time again, don't run a server if you don't know what you're doing...well, how are you supposed to learn then?

A better piece of advice would be, "Running a server can be very complicated. Until you are confident that things are up and running reliably and securely, you may want to refrain from putting any critical data up there."

 

[crackpip]

I've got to say I can't agree with this mentality. I see it time and time again, don't run a server if you don't know what you're doing...well, how are you supposed to learn then?

A better piece of advice would be, "Running a server can be very complicated. Until you are confident that things are up and running reliably and securely, you may want to refrain from putting any critical data up there."

I agree with this, too. As an addition to the 'refrain from putting critical data up', you should probably keep the server on an internal network or at least use the firewall to block outside access to your services.

For example, use your airport as your main router/NAT and firewall, then have the external network interface of the server connect to the airport. Then you set-up the internal network on the server. This allows you to experiment without opening yourself up to security issues. It also gives you more control over the server's external ip information. Things like not having reverse-dns association (which isn't provided by dyndns.com) can cause problems with some of the services. Finally, if you screw something up on your server, you can still get online with a different machine.

When you are experienced enough to make your server available to the outside world. You would connect your internet directly to the server. Then connect the airport to the internal network interface and turn off DHCP on the airport. Alternatively, you could keep your server internal and use port forwarding on your airport to enable outside access to specific services.

crackpip

 

[edesignuk]

You don't need Leopard Server just to run a web site. Apache is built in to standard Leopard.

All you need is an account with something like dyndns.org and an update client for it to run on Leopard (to tell dyndns when your IP address changes).

 

[twoodcc]

thanks for the feedback guys.

You don't need Leopard Server just to run a web site. Apache is built in to standard Leopard.

All you need is an account with something like dyndns.org and an update client for it to run on Leopard (to tell dyndns when your IP address changes).

yes, i know this, and i'm trying this now on leopard client, with no luck. i think my isp blocks port 80

 

[twoodcc]

ok, so i finally got the website up with the dnydns service on the leopard client. when i setup the server, what do i put in as the domain name? the same thing i put in the dyndns account?

 

[edesignuk]

OK, I'll explain this as best I can, let us know where you slip up.

• Make sure Web Sharing is enabled in Sharing Prefs
• Forward Port 80 on your router to your mac running Web Sharing.
• Get a domain from dyndns.org. Call it whatever you like. Get an OS X update client to automatically update dyndns when your IP changes.
• For your website to work when someone goes to your domain (http://yourdomain.dyndns.org) you need to put your site files in /Library/WebServer/Documents (I think, not at my Mac so I can't check, 99% sure though).
• Otherwise if you use your personal Sites folder in your home directory people will have to go to http://yourdomain.dyndns.org/~YourOSXShortName/

Think that's it.

 

[twoodcc]

OK, I'll explain this as best I can, let us know where you slip up.

• Make sure Web Sharing is enabled in Sharing Prefs
• Forward Port 80 on your router to your mac running Web Sharing.
• Get a domain from dyndns.org. Call it whatever you like. Get an OS X update client to automatically update dyndns when your IP changes.
• For your website to work when someone goes to your domain (http://yourdomain.dyndns.org) you need to put your site files in /Library/WebServer/Documents (I think, not at my Mac so I can't check, 99% sure though).
• Otherwise if you use your personal Sites folder in your home directory people will have to go to http://yourdomain.dyndns.org/~YourOSXShortName/

Think that's it.

thanks, i think i finally got this part down. the next step is to use this with OS X server. i guess what i made on dynsdns.com is a hostname. so i will use that as my hostname on the server when i set it up

 

[ranjeetsodhi]

Great help here guys.

I am not a novice and have been running my personal website (and mail server) on a shared host for years. Used to run a in house web and mail server on Windows 2000 (OMG... yes I know!) till it got hacked.

Just bought a new Mac Pro and a 10 client Leopard Server. Want to run my own website and mail server from the Mac Pro. I have a static IP with Rev. DNS set up (OptOnline business).

Any pointers on how I can go about setting this up securely? Additionally, any suggestion on wether the Mac Pro would be better off sitting behind the Apple Extreme or directly connected to the Internet? I can always use the Mac Pro as a geteway and connect the Airport extreme to the second network port on the mac for my internal private network.

 

[trainguy77]

Any pointers on how I can go about setting this up securely? Additionally, any suggestion on wether the Mac Pro would be better off sitting behind the Apple Extreme or directly connected to the Internet? I can always use the Mac Pro as a geteway and connect the Airport extreme to the second network port on the mac for my internal private network.

I would recommend putting the Mac Pro behind the extreme as this way if there is a flaw in the firewall in OS X it doesn't matter as all ports are blocked except the ones with services you want on them.

 

[ranjeetsodhi]

I would recommend putting the Mac Pro behind the extreme as this way if there is a flaw in the firewall in OS X it doesn't matter as all ports are blocked except the ones with services you want on them.

Guess that makes perfect sense... I was originally thinking that it may have an impact on speed. The Airport Extreme has a flaw in that it's WAN port speed drops to approx 33Mbps if you turn on the NAT on the router. But I guess thats still a lot faster than my OptOnline upload speed of 5 Mbps.

Any recommendations on security - books or articles that walk one through hardening an OS X server?

 

[trainguy77]

Any recommendations on security - books or articles that walk one through hardening an OS X server?

Well an OS X web server is just apache. So anything that applies to apache applies to OS X. So just google apache security. This is an example of some things you can do. http://www.petefreitag.com/item/505.cfm