Brad Micallef

Q: Public web page hosting help

Dear Apple Community,

 

I graciously request your assistance.

 

I am trying to use a public domain (cleanei.com) that I own to access an OS X Server hosted web site on my internal iMac.

 

Here is the basic setup:

 

CleanEI.com [name servers pointed at DynDNS] [ping maps properly to the Time Capsule's assigned IP]

     |

Internet Service Provider

     |

Time Capsule (Airport) [Personal Web Service: ports 443 & 80 forwarded to static iMac IP address]

     |

iMac w/ OS X Server [DynDNS, IP updater is running, web site is accessible on internal network using cleanei.com]

 

The problem ... from the outside (using my 4G connected iPhone, no wireless) I cannot resolve the website.

 

I am receiving a 502 bad gateway error.

 

I am pretty sure I am missing something very basic (firewall, etc) configuration.

 

Any help is greatly appreciated!

 

Brad

Posted on Aug 17, 2012 11:34 AM


  • by Rambling Man,

    Rambling Man, Aug 17, 2012 1:34 PM, in response to Brad Micallef
    Level 1 (35 points)

    I think you need to set up the DynDNS on your Time Capsule, not the server.

    Take a look at AirPort Utility (under the edit button on the 'time capsule' tab in ver 5.6)

     

    Let me know if you need more details

  • by Brad Micallef,

    Brad Micallef, Aug 17, 2012 2:00 PM, in response to Rambling Man
    Level 1 (0 points)

    Rambling Man,

     

    Thank you for responding.

     

    To clarify the DynDNS Updating software is running on my server (the iMac) ... it is telling the DynDNS server the public facing IP of my Time Capsule (as of this posting: 70.190.196.139).

     

    If you ping cleanei.com, you should get the same public facing IP address.

     

    I am pretty sure this is working properly.

     

    My iMac is assigned a static internal IP address of 10.0.1.x.

     

    On the Time Capsule I have reserved the 10.0.1.x IP address, and have set up port forwarding in the Time Capsule to direct public and private TCP traffic on port 80 and 443 to the 10.0.1.x IP.

     

    ... still no joy :-(

     

    Brad

  • by Rambling Man,

    Rambling Man, Aug 17, 2012 2:45 PM, in response to Brad Micallef
    Level 1 (35 points)

    OK, I've just tried pinging the IP and that's working, but a port scan didn't reveal any open ports.

    Is your server an upgrade from Lion Server or a new install?

    The reason I'm asking is the old Lion firewall could be running and blocking ports, see http://support.apple.com/kb/HT5413 for that issue.

     

    Can you try a port scan from a computer on your local network using the Network Utility app in the Applications/Other folder and see if you get a response on 80 and 443?

     

    Let me know how it goes

  • by Brad Micallef,

    Brad Micallef, Aug 17, 2012 3:07 PM, in response to Rambling Man
    Level 1 (0 points)

    Rambling Man,

     

    Just headed out of the house ( my wife is driving :-) ) ... I will dig into this as soon as I get home in a few hours.

     

    NOTE: This is a brand new machine, pre-installed with 10.8 and a fresh install of OS X Server.

     

    When I looked at IPFW earlier there was only one rule that was something to the effect of: 65xxx allow all IP traffic.

     

    Under System Preferences > Security > Firewall I have enabled the firewall, but have not made any modifications.

     

    The "Block all ports" and "Stealth Mode" are both UNchecked.

     

    ... be back soon!

     

    Brad

  • by Brad Micallef,

    Brad Micallef, Aug 18, 2012 5:03 AM, in response to Rambling Man
    Level 1 (0 points)

    From inside my network, port 80 appears to be open.

     

    From outside my network, no ports are open.

     

    I am beginning to wonder if it is my ISP.

     

    I'll call them in the morning for "support". (not holding my breath for their help)

     

    Brad

  • by Rambling Man,

    Rambling Man, Aug 18, 2012 8:24 AM, in response to Brad Micallef
    Level 1 (35 points)

    It might be worth trying port 443 as I don't think your ISP would block that.

     

    Also I have a time capsule and the port mapping doesn't always stick especially if I do it using the server.app so it might be worth rechecking it.

     

    Previously I've done this by putting an old router 'in front' of my time capsule and seeing what ports are visible.

  • by Brad Micallef,

    Brad Micallef, Aug 18, 2012 9:17 AM, in response to Rambling Man
    Level 1 (0 points)

    On my Time Capsule I have ports 80 and 443 opened now, and restarted the device.

     

    Internally, my port scan (range 79 thru 444) returns the following:

     

    Port Scan has started…

     

    Port Scanning host: 70.190.196.139

     

               Open TCP Port:           80                         http

               Open TCP Port:           139                        netbios-ssn

               Open TCP Port:           443                        https

    Port Scan has completed…

     

    Looks good!

     

    When I go external (hotspot via iPhone 4G) I get the following:

     

    Port Scan has started…

     

    Port Scanning host: 70.190.196.139

     

               Open TCP Port:           80                         http

               Open TCP Port:           443                        https

    Port Scan has completed…

     

    Encouraging!!!, but when I attempt to open the url in a browser (http://www.cleanei.com) I get:

     

    Response Error.

    Technical description:
    502 Bad Gateway - Response Error, a bad response was received from another proxy server or the destination origin server.

     

    No Joy :-(

     

    Fair to say then that this is not a Time Capsule or ISP issue after all???

     

    Thoughts?

     

    Brad

  • by Rambling Man, Solved answer

    Rambling Man, Aug 18, 2012 11:17 AM, in response to Brad Micallef
    Level 1 (35 points)

    Just checked again and if I use https://70.190.196.139 I can get to your server and see the self-signed cleanie.com certificate and the std server home page; if I use https://www.cleanie.com I can also get to the home page, so the secure (port 443) is working.

     

    However, I cannot get a response on port 80 or access your server using http://70.190.196.139 or http://www.cleanie.com, so if you're sure the port forwarding is set up and you have enabled the access to the std (port 80) in the website tab on the server.app then your ISP must be blocking port 80.

     

    I would recommend checking the settings on the server all, the positive side is that your DNS resolves correctly and cleanie.com does resolve to 70.190.196.139 so you're further forward.

  • by Brad Micallef,

    Brad Micallef, Aug 18, 2012 12:30 PM, in response to Rambling Man
    Level 1 (0 points)

    Rambling Man,

     

    Thank you for helping me narrow this down.

     

    Knowing that it is the ISP blocking port 80, I will simply demo my site on the https:// (443) for now.

     

    That solves my immediate issue.

     

    I'll either switch ISPs/Plans, or buy an SSL for the longer term.

     

    Thank you again!

     

    Brad