Active Directory Domain

I am trying to set up a custom domain through my mac mini for a simple web server. I fully admit I'm new to this, and could very well be barking up the wrong tree. But my goal is to host my very simple web app on my mac using my purchased domain.

I have tried to go through the directory utility in system settings, put my domain in the Active Directory Domain: section, when I click "Bind" it asks for a Network Administrator username and password. Domain.com where I bought the domain said it was through my internet provider. My internet provider said it was my router. My router says it can bind to my mac no problem, and yet, no matter what passwords I try or enter in the Network Administrator section, it does not let me bind my working website to this domain. Please help.

Mac mini (M1, 2020)

Posted on Mar 25, 2023 4:59 PM

Question marked as Top-ranking reply

Posted on Mar 26, 2023 9:17 AM

Antonio is correct. Active Directory binding has nothing to do with hosting a web site.


Since you state you are new to this, let's run through a couple of basic points.


1: You have "purchased" a domain. For context of this reply, let's say that it is falindur.com.

2: You have a Mac mini and presumably you have enabled Apache web services and are able to load the site either from the Mac mini or from another device on the LAN by hitting the IP address. For context of this reply, let's say your LAN subnet is 192.168.0.0/24 and your Mac mini is currently at address 192.168.0.10.

3: You have an internet provider (your country has not been defined but note that if you are in the US you will likely not be able to accomplish what you want on a residential service - more on that below) and the ISP have provided you with a router.


That seems to sum up the basics. Now, how does this all work?


First, you need to understand the difference between your LAN and the WAN. Your Mac mini is on your LAN (your home network). Use a web browser and go to https://whatismyip.com to determine what your public (WAN) address is. Note, if you are on a residential service that obtains this address over DHCP, then the WAN address will change over time. This will make maintaining public access to your site more complicated and you will need to look into a Dynamic DNS service. For the context of this reply, let's say your public address is 17.18.19.20.


Now that you have the public address you can log into your domain registrar and create a DNS A record for your web host. For example, the URL www.falindur.com would be pointed to your public address of 17.18.19.20. If you also want the apex record (falindur.com) to point there, you will likely need to modify an existing record, usually starting with an @. (Many DNS providers differ slightly and some may already have www as an alias to @ - understand your DNS before making changes and call support if you don't understand)


The steps above tell the world how to route to your web site. Ah, but since you have a router, you will need to create a port forward as the router should be designed to block all unrequested traffic. Basically, what you need to allow is your router to permit traffic on ports 80 and 443 to pass through to your Mac mini at address 192.168.0.10. Each router is different so there is no way to show how this is done. You likely will be able to gain access to your router by going to its IP address. Many ISP routers will have the username and password written on the device. Commonly the address will end in .1 and you can figure out what it is by going to System Preferences/Settings > Network on the Mac mini. Look at the value in the router field for the router address.


As mentioned, if you are in the US, you likely will not be able to do this if you have a residential service. Many ISPs block web and mail ports to prevent residential customers from running "business" services. And even some business services block them initially, requiring you to request enablement.


Also, as mentioned above, if your internet service is a dynamic service, then your public address will change over time. If this happens, then your public address will no longer be 17.18.19.20. When this happens, the value you entered into your DNS will no longer be valid and visitors of the site will not reach it. This can be overcome by using a dynamic DNS service. This usually requires running an agent on the host that constantly monitors for the change to your public (WAN) address. When one is detected, your DNS is automatically updated. This ensures that regardless of what your ISP is doing, the site will be accessible. Some routers have DynDNS options built in. Investigate your router.


Now this gets to the next point. Please be aware that the modern web is a "secure web." All of the major browsers will prevent access or warn users when visiting an insecure http:// site (port 80). Ideally, you will want to purchase an SSL certificate for your site to ensure visitors are not told the site is insecure. You will need to generate a certificate signing request (CSR) on the Mac for the domain (domains) you want to protect. If you are doing falindur.com and www.falindur.com you likely should get a wildcard/multiple domain cert. Since there is no interface for web services on Mac any longer, you will need to manually configure the Apache config files to enable/add https.

Mar 26, 2023 3:15 AM in response to Falindur

Active Directory is a Microsoft server based network environment product. You may not have been aware of it at the time but when you were at school/college/university you would have been using it (more than likely) to login to PCs etc whilst attending classes.


Using the Bind option in Directory Utility is pointless and will not work because what you've purchased is not an Active Directory domain. Put simply it's a routable domain that can be used for web, mail, ftp etc services you wish to present on the internet.

Mar 26, 2023 9:17 AM in response to Strontium90


So, at this point, is this really worth it when you can go to a Squarespace, Wix, and many other site providers and let them do all the work for you? Apple is not in the business of providing server solutions. If you are not an experienced web server admin, you might not want to take this on. You are already invested in the mini. But to get this to work, you will likely need to add the cost of the DynDNS service (which will be a subscription) and the cost of the SSL cert (which will need to be renewed each year or so). It may be more cost effective to let someone else host your site.


Hope this is clear and helpful. There are a lot of moving parts to make this work.


Reid
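
The change-detection step of the dynamic DNS agent described in the top-ranking reply, as an added example that is not part of the thread. It decides when the A record needs rewriting and refuses to publish a LAN address by mistake. The function names, status strings and sample observations are assumptions constructed for illustration; the addresses are the ones the reply uses, and the `update` callback stands in for whatever update mechanism the DNS provider offers.

```python
import ipaddress


def plan_update(published: str, detected: str) -> str:
    """Decide what the agent should do with one WAN-address observation.

    published: value currently stored in the DNS A record
    detected:  address the agent believes is the public (WAN) address
    """
    try:
        record = ipaddress.ip_address(published)
        wan = ipaddress.ip_address(detected)
    except ValueError:
        return "invalid"            # not an IP address at all
    if not wan.is_global:
        return "wan-not-public"     # e.g. the Mac's LAN address was read by mistake
    if not record.is_global:
        return "record-not-public"  # A record holds a LAN address, unreachable from outside
    return "ok" if record == wan else "update"


def run_agent(published, observations, update):
    """Process successive observations; call update(ip) only when DNS must change."""
    log = []
    for detected in observations:
        action = plan_update(published, detected)
        if action in ("update", "record-not-public"):
            update(detected)        # hypothetical provider call, injected by the caller
            published = detected
        log.append((detected, action))
    return published, log


if __name__ == "__main__":
    # Constructed observations: unchanged, a bogus LAN reading, then a real change.
    sent = []
    final, log = run_agent(
        "17.18.19.20",
        ["17.18.19.20", "192.168.0.10", "17.18.19.77", "17.18.19.77"],
        sent.append,
    )
    for detected, action in log:
        print(f"{detected:15} {action}")
    print("A record now:", final, "| updates sent:", sent)
```
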
