1 2 Previous Next 23 Replies Latest reply: Feb 21, 2013 7:41 PM by ajm_from_WA
Robster de Popster Level 1 Level 1 (0 points)

Hi, I am setting up my OS X Server 2.2 for my small biz (or at least trying to) and I run into a couple of probably very basic questions.

 

I've already set it up recently with a .private and VPN but then my Time Capsule/Router died. Now with a new TC and the brilliant idea that I want to host my own website, I am a bit lost in what I need and how to make it work.

 

(what I already have done: spent days on the phone with apple care, but they do not give advise in how to set up/ read apple server texts/ watched hours and hours of screencasts)

 

  1. Do I need to change my host from a .private to a .com if I want to start using the domain I bought for hosting my company's website?
    1. When I do that, do I need to completely reconfigure my settings to make services work?
  2. Is it necessary to link the services I want clients to use on my server, to a website or could they also use VPN that I set up for them?
    1. Could I for instance have a login on my website for accessing services, or is VPN safer/easier?
  3. I am trying to get a dedicated IP address from my service provider for my website, but they have what it seems problems in doing so (Enter stage left: 'Ahaaa Moment) Or is the IP address my router gives my server enough to keep my website and my services accessible by remote networking clients?
    1. if so, this would save me 240 Swiss Franks/yr
  4. Anyone any experience with transfering a domain purchased on namecheap.com to my own server? And to add an external SSL to my certificates?

 

Any information welcome and you'll have my deepest life long gratitude of course. (Would have baked you a cake, but you're probably too far away)

         

Thank you,

Rob

 

MBP mid 2010 / TC 4th Gen / mac mini OS X Server 2.2


OS X Server (mac mini)
  • 1. Re: Small biz: Stupid beginner Q's
    cdustonwebs Level 1 Level 1 (5 points)

    Big open questions.

     

    The internet is a network.  When people want to find web sites they use DNS; it resolves the site name (www.something.com) to an IP address somewhere on the internet network (like 210.67.80.90).  Much like the idea of someone looking you up in a huge addressbook to find out your street addressso they can deliver a physical parcel to you.  On the internet there are no double ups, everyone has a unique name and a unique address.  So they request starts with a name and gets "resolved" to a physical address.

     

    So if you want a web site to be seen on the internet (host) you will need to:

     

    a. Join the internet network and get an IP address; often termed a "public" IP address because the internet is a public network.  This "public" IP address was probably given you by your ISP and is the address you are using when you browse the internet.

     

    b. Get a DNS entry so when people look for your URL (www.something.com) they get your IP address to go to.

     

    How to achieve these big picture goals depends, there are different ways to do it.

     

    What you describe above is your own work or home network.  A MBP and a Mac Mini at least and they have IP addresses for the same reasons as I have described, so they can find each other in the network, albeit yours is a smaller network than the internet and not many things to find.

     

    But.  Your private home/work network and the internet network are separate networks and need to be joined together if they are to talk. When you "connected" to the internet you probably got a box they called an "internet router" or modem or similar.  The purpose of this router/modem/thing is to be a part of both networks, one side plugged into the internet and the other side plugged into your home/work network.

     

    In a small work/home situation this device does two jobs.  Obviously the joining together - but also to provide separationt.  We generally give that job of separation to a Firewall.  Just because I open my door to some people into my house doesn't mean I want any one to walk into my bedroom at any time.  By default this router/modem/thing was probably configured to allow everything out but nothing in. A one way door.

     

    So what you are asking is how to get this router/modem/thing to allow web traffic to my private Mac Mini where my web site is.  What kind of device is it?  Got a brand or model?

     

    Once you work out how to get the traffic in through your router/modem/thing safely (just that web traffic and only to the Mac Mini (if that is where the site is) that's job one done.

     

    Second, who has your DNS records currently?  A record will have to made there saying www.something.com means this IP address xyz.xyz.zyx.zyx (whatever it is).  If you got into the router/modem/thing it will probably have seen it in there.

     

    Your ISP might be able to help.

  • 2. Re: Small biz: Stupid beginner Q's
    Robster de Popster Level 1 Level 1 (0 points)

    Hi and thank you for your time and information cdustonwebs!

     

    Since last night I made some progress.

    * I set a dedicated IP for my server via my Airport Utility on my Time Capsule 4th gen (1 week old), since my ISP said they were unable to set one up for me. No idea why. 

     

    * On namecheap.com I gave in my IP and A (address) for both options; @, and the other one so I can prepare it for hosting my website and access to services for my clients.

     

    * Flipped the switch in Server for Websites and now can see my www.example.com in my browser. However this is on my local network. I can't find it on my iphone with wifi switched off. (working on that one)

     

    * I've 'punched' holes in my apple router (TC) firewall to allow different services like calender and website

     

    This is what I am unsure about at this moment:

    * I want to make my website available for 'the public' but keep my services for (local) network clients.

     

    - Do I reserve an IP address for my website that is different from my server? Or is that a stupid idea, because my server has/is just one entity?

     

    - I like to think that www.mycompany.com and server.mycompany.com are two different things and the first one is public and the latter for clients that can login over VPN. But I might be thinking in the wrong direction.

    Could I for instance have my SSL website and on there have clients login to Services on my server?

        

    So far I made a 'new SSL website' in the Website pane of Server and tried to use my server IP for my website. A sheet pops down, telling me that Wiki and Profile manager will not be available. So I chose the other IP address that was there (can't remember I made that one) and it accepts it.

     

    Thing is, when I close the Server program and re-open, the site is not available anymore (probably because it has no dedicated IP)

     

    thanks for the help!

  • 3. Re: Small biz: Stupid beginner Q's
    FromOZ Level 2 Level 2 (405 points)

    Lots of questions.... you need a good book.

     

    http://www.amazon.com/Apple-Pro-Training-Series-Essentials/dp/0321887336/ref=pd_ sim_b_7

     

    I can tell you already that it's unfortunate that you named your machine (host name) something.private. You likely will have to reinstall the whole machine. OS X Server (together with any Unix/Linux machine) really doesn't like having its' hostname changed.

     

    Question 3 easily managed by using a service like DynDNS (http://dyn.com/dns/) they also have a OS X client applet http://dyn.com/support/clients/mac/ which will update your dynamic IP address (forget about getting static IP from your ISP unless you want to pay €€€€€).

     

    Certificates — can be done, but should have been done ideally when you set the machine up. Again the hostname should change, which means running your own DNS server which means... reading the book and likely reinstalling the whole machine + OS X server.

  • 4. Re: Small biz: Stupid beginner Q's
    cdustonwebs Level 1 Level 1 (5 points)

    You don't need multiple IP addresses on your server.  The idea is you simply "tunnel" (allow) only those those services you want to share with the public from your router to the server (like http/https).  All other services should still be blocked from the internet (because there are no 'tunnels' on the router).  Make sure the "hole/tunnel" you make on the router includes services (like http or https) and not just IP addresses only.  If you told the router to tunnel one IP to another IP (inside) absent of services it might think you mean ALL traffic and not just http/https.

     

    Inside your network you should be able to still see everything on that server because your MBP doesn't travel through the router to get to the server.  It just yells across the room (through the switch/hub) which doesn't block anything.

     

    As for the two names, remember both www. and server. are both DNS names and when they get used (say in a browser) it is resolved to an IP address.  So the question really is what IP address(es) do these two names get resolved/changed to?  If you only have one IP address from your ISP then you can create as many names as you want but they all resolve to the one IP address.  So from a technical viewpoint a bit redundant.  You might do it anyway if you wanted to maintain appearances to customers (who won't see the IP is the same and might conclude you're a huge company).

     

    I am afraid specifically setting up web sites on different servers isn't my skill, I work in network level security.  Somewhere along the line the web site itself needs to know what public URL you are using so when traffic for www.site.com arrives it knows 'hey that's mine'.  Without that setup correctly I think the web site will think it's site URL is the machine name of the server.   But it's the same in large sites, they don't name the server www.server.com and anyway, that wouldn't work if you hosted six different web sites on one server - the server can't have six names all at the same time.

     

    Hope this helps.

  • 5. Re: Small biz: Stupid beginner Q's
    Robster de Popster Level 1 Level 1 (0 points)

    Hi Oz,

     

    ...... I feel something creeping up on me. Oh wait, it's called 'NAIVE'! Thanks for the wake up call.

     

    I had to re-install anyway because of the new Apple Router I got (other one crashed after 2 weeks) and now set it up for a .com. Saw your post a bit too late to save myself a static IP from my ISP but will surely check out your link.

     

    Called in the help of an Apple Reseller here in town to help out. I have my namecheap set up correctly now and my SSL is in place. Now trying to get my own mail online.

     

    Will indeed go out and buy a book instead of calling the hotline for $4/min.

     

    thank you for your wise words and kicking me back into reality. Although I have been reading and watching screencasts (ToddOlthoff.com is brilliant) for hours, this is not something you have to take on the light shoulder.

     

    thanks again, Rob

  • 6. Re: Small biz: Stupid beginner Q's
    ajm_from_WA Level 1 Level 1 (10 points)

    i've been trying to use OSX Server since October for my dermatology clinic.  Its been a terrible experience.  I've hired 3 different apple consultants, but none have been able to set it up or keep it running.  I will be switching to windows soon i'm afraid. 

     

    It might be worth swtching now before you get into this too deep.

  • 7. Re: Small biz: Stupid beginner Q's
    FromOZ Level 2 Level 2 (405 points)

    ajm_from_WA wrote:

     

    i've been trying to use OSX Server since October for my dermatology clinic.  Its been a terrible experience.  I've hired 3 different apple consultants, but none have been able to set it up or keep it running.  I will be switching to windows soon i'm afraid. 

     

    Sadly that is a bit of an indictment against Apple, understandable you say it though.

     

    Many people underestimate what it means to install and maintain OS X Server, they think it is like the end user OS X but it is not. The difference between the end-user OS X and the server OS X is that on the end-user platform Apple writes and controls applications and people never really see the (vicious if mistreated) Unix OS underneath. To reuse a phrase Unix/Linux does "not suffer fools lightly".

     

    When one gets into the server though you're dealing with hard-core Unix/Linux applications written by Unix geeks who most likely equate Apple to the witch in Hansel & Gretel. All these applications are written and act independently and it takes skill, time and effort to be able to manage them.

     

    Having said all that I would say also that I don't believe any of those 3 Apple 'consultants' you hired really had proper experience with Unix/Linux/OS X command line & Unix/Linux applications & OS X Server.

     

    I would still choose OS X Server over Windows if I had a Mac installation — it would be good if Apple supported OS X Server better though.

  • 8. Re: Small biz: Stupid beginner Q's
    Robster de Popster Level 1 Level 1 (0 points)

    Hi there,

     

    I can surely understand your frustration with the process and the disapointment in your consultants. Not to mention the costs you must have had.

     

    I listend wisely to FromOz and went out to get the book he mentioned. And as he points out above, also I had the foolish notion that it would be a short 'Click & Go' moment. Although I've spent a lot of hours on watching screen casts and manuals on Apple (which are NOT updated to 2.2 yet... Naughty Apple Inc.!) and getting quite 'intimate' with my Server by now, I do believe this is a necessary process if you want to do it yourself. As I wanted to do.

    From the upside, I am learning something that I never thought I'd learn and to speak in Oprah-terms; 'I've gained a lot of respect for folks working in IT'

     

    I think it would be a bummer if you would change back to the W-side, because I know that it IS possible. During a former job, I saw a group of Neurologists have their own Mac network inside a hospital W-invironment.

     

    However, I agree with you that the services for SMB are a bit 'hard to find'.

     

    I do wish you can find a soul that can really help you out and make it work for you. As we did not choose to become server specialist ourselves, but run a business. Success with your clinic! 

  • 9. Re: Small biz: Stupid beginner Q's
    ajm_from_WA Level 1 Level 1 (10 points)

    apple certainly misrepresents OSX Server as being something that a business owner could install and maintain, that is for sure. 

     

    unfortunately, here in the Seattle area, all the unix geeks were apparently run out of town by microsoft

     

    already bought that OSX Server book.  Its been somewhat helpful

  • 10. Re: Small biz: Stupid beginner Q's
    Robster de Popster Level 1 Level 1 (0 points)

    Luckily I found myself one here in Bern, Switzerland at an Official Apple Reseller. The first time I called them, one of their staff immediately transfered me to a colleague when I mentioned the word 'Server'.

    But that CHF 3,13/minute was worth it because he was very, very quick in helping me out via remote-view and telephone and it looked that he really knew what he was talking about.

     

    If I call them again, I'll ask if he is from Seatle (or if he wants a summer job there)

  • 11. Re: Small biz: Stupid beginner Q's
    ajm_from_WA Level 1 Level 1 (10 points)

    based on my own hourly rate, i've put in about $25-$30,000 of my time on this.  $4/minute would be a bargain at this point.

  • 12. Re: Small biz: Stupid beginner Q's
    Robster de Popster Level 1 Level 1 (0 points)

    that's what I thought as well.

    As I said earlier, I didn't set out to become an full-on expert but an entrepreneur. One that has to have understanding up to a certain point, but not wanting to go the whole nine yards to get there. Indeed our time is precious.

  • 13. Re: Small biz: Stupid beginner Q's
    FromOZ Level 2 Level 2 (405 points)

    ajm_from_WA wrote:

     

    unfortunately, here in the Seattle area, all the unix geeks were apparently run out of town by microsoft

     

    Ha, that gave me a very funny mental picture

     

    Then you should get Bill Gates' kids held up for ransom in the evil witch's gingerbread house until all the Unix geeks can come back to Seattle. The evil witch of course being Richard M. Stallman — now there's a scary image!

  • 14. Re: Small biz: Stupid beginner Q's
    Robster de Popster Level 1 Level 1 (0 points)

    Just wondering how did you get to those specific consultants? Does Apple itself recommend 'bright folk around the corner'? Worth a try?

1 2 Previous Next