Setting Up Mac Mini Server for Basic Operation

Note: This guide is targeted at OS X Snow Leopard Server, not Lion or Mountain Lion. Lion setup is quite different, and the Server Admin has been (mostly) superseded by Server.app, which provides far fewer features. I would not recommend upgrading to Lion unless you need the new features or are setting up a new server. The reason I am not upgrading yet is that the web-server administration in Lion is too simplistic for my needs and that MySQL has been replaced by PostgreSQL, so if I upgraded I’d have to set up and manage everything manually, essentially providing the same inferior user experience as Linux for me.

A couple days ago I wrote about how I set up my Mac Mini Server, or, that is, I really only wrote about how I set up the hardware.  In this post I’ll describe how I have set up the software.

I use the server for several purposes.  For some purposes a dedicated server may seem a bit like overkill (especially since I also have a Time Capsule, which is able to do basic network configuration and file serving), but for some purposes a dedicated server is necessary.  Basically, I used my old server to act as

  • DHCP server,
  • DNS server,
  • Mail server,
  • database (MySQL) server,
  • subversion server, and
  • web-server.

In addition to these, it turned out to be so simple to set up, I also use the new server as

  • directory server,
  • address book server,
  • calendar (iCal) server, and
  • VPN end-point.

Let’s take these in the order I set them up.

Server Admin and Workgroup Manager

Server Admin Overview

For the setup we are going to use (mostly) Server Admin and the Workgroup Manager from the Server Administration Tools. These can run directly on the server or from a remote machine.  I’m going to do the latter as I have hooked my computer up to an ancient 15″ CRT monitor, which makes an annoying sound when it is turned on.

When you start up the Server Admin, you get a picture like the one to the right.  We basically have an overview of servers (to the left), a bunch of things we can do to the currently selected server or service (along the top), and a pane to actually set the things (right area).  Right now, I have selected the server, and get a view of generic information about the hardware, software, and enabled services.  At the bottom I get a couple of graphs showing the load of the server in the last 24 hours (configurable): the CPU load, the network traffic (it has a 1 Gbps network adapter) and the amount of free disk.

Let’s first set up the services we wish – we go to the Settings pane and select Services (below).  We can now simply check the services we want.  Some will already be selected, depending on which task you selected for your server during installation/first boot of the server.  We select the desired services as well as AFP (file server, so it is easier to move files to the server) and Xgrid (so I can experiment with grids).  Windows users may also want to switch on SMB (Windows file serving).

Server Admin Service Overview

Address Book and Calendar

The first order of business is Address Book and Calendar, mostly because I got these without setting anything up myself.  All I did was remove any quota (as I will only be using this myself) and set both up to use encrypted connections.

Address Book General Settings
Address Book Authentication Settings
Calendar General Settings
Calendar Authentication Settings

Mail

Next up is the Mail server. This was also mostly set up automatically, and I only had to tweak a few options. I disabled SMTP (as I just use my ISP’s mail server), Junk mail filtering (I use client-side filtering), and quotas.  Furthermore I set it up to only use IMAP (nobody uses POP anymore) and allow connections using SSL (by setting a certificate).

Mail Enabled Services
Mail Disabled Virus Filter
Mail With Disabled Quotas
Mail With Enabled SSL Certificate

A really neat feature is that you can monitor the connections to the server by selecting Connections at the top.  On my server, currently two clients have connected:

Connections to Mail Server

Directory Server

Now that a couple of basic services are set up, let us start the Workgroup Manager and create a group and a user.  First, we create the group.  You probably need to log in as diradmin instead of using your normal administrator username to access the Workgroup Manager, so just start it up and log in.  Simply click New Group (top middle) in the Workgroup Manager.  You then get a fresh group that you can just fill in:

Creating/Editing a Group

Now, we have a group, and want to add a member.  This is the same procedure; select the users tab and click New User and fill in any required details.  I also add the user to the newly created group and set up mail.

New User Basic Information
New User Group Setup
New User Mail Setup

Interlude: Server Preferences

Now we have set up a bunch of services, and I think I should also mention the Server Preferences tool, which gives an easier overview of the simple settings.  Below, you can see the Server Preferences overview, settings for Address Book (they are nearly the same for iCal), settings for Mail and various panels for setting up groups and users:

Server Preferences Overview
Server Preferences Address Book
Server Preferences Mail
Server Preferences Groups
Server Preferences User Overview
Server Preferences Service Access
Server Preferences Group Associations

DHCP Server

I decided to set up the “real” services bottom up, so that the most essential services were migrated first.  This also happens to be in order of increasing complexity.  My DHCP server basically serves IP-addresses to unregistered computers from the network 10.0.100.0/16 and static addresses from 10.0.0.0/16 – 10.0.4.0/16 (depending on the type: 10.0.0.0 being servers, 10.0.1.0 my clients, 10.0.2.0 other clients, 10.0.3.0 mobile units, and 10.0.4.0 work computers).

First, setting up the subnets from which to hand out addresses is really easy; go to DHCP and Subnets and click on the plus.  Then fill in information about the subnet (as well as your gateway to the internet), and switch to the DNS tab to set the DNS server.  The picture shows the Mac Mini as DNS server, but during setup this was set to my old server and later changed once DNS was moved.  LDAP settings were ok, and I don’t have any Windows machines and therefore do not care about WINS.  The domain option of the DNS tab is for allowing machines to access each other as just coherent rather than coherent.westergaard.eu.

DHCP Subnet General Setup
DHCP Subnet DNS Setup

Then come the static maps.  There is the easy and the cumbersome way to do this.  I went with the cumbersome way, as I wasn’t aware of the easy one until after the fact.  The cumbersome way is to go to Static Maps and click Add Computer near the bottom and input the MAC address and the desired IP address.

List of Static DHCP Mappings
Cumbersome Way to Insert a New MAC to IP Mapping

The easy way involves going to the Clients tab, where you’ll see all machines assigned a dynamic IP address.  Simply click on a host and select Create Static Map near the bottom and, bam, it is created automatically.

List of Machines Assigned a Dynamic IP
Easy Way to Insert a New MAC to IP Mapping

DNS Server

Setting up the DNS server is also easy, though a bit annoying for large registrations.  My DNS server only resolves a few internal domains and delegates the rest.  It also only serves as internal DNS server, so I allow zone transfers, which probably shouldn’t be allowed on a server facing the internet.  To create a zone, go to DNS, Zones and click add zone.  You then select whether to create a primary or secondary zone from the drop down.  I only have primary zones.  You just need to set the name, administrator, name-servers, and MX records.

Creating a New Primary Zone

I don’t really care too much about expiration of the zone as it is internal.  Next up is adding machines to the zone.  Select the zone and click Add Record and select Add Machine from the Dropdown.  You can associate one or more IP addresses with each machine.  Also, the name can be relative (to the zone) or fully qualified, which is needed to give an address to the domain represented by the zone itself (so people can go to westergaard.eu instead of typing all of www.westergaard.eu).  Unfortunately there seems to be no data sharing between the DHCP and DNS server setup, so as soon as you want to change one, you are guaranteed to forget the other.

Relative A Record
Fully Qualified A Record
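
Because nothing ties the two services together, a small cross-check catches the forgotten half of a change. The following is an added example, not part of the original post: it assumes the zone is available in BIND zone-file syntax and the static maps as (MAC, IP, name) tuples, expands relative and fully qualified names the way the zone does, and lists every disagreement.

```python
# Constructed sample data. Only coherent, 10.0.0.20 and 10.0.1.2 come from
# the page; the other names and addresses and all MAC addresses are made up.
SAMPLE_ZONE = """\
$ORIGIN westergaard.eu.
westergaard.eu.  IN A      10.0.0.20   ; fully qualified: the zone itself
coherent         IN A      10.0.0.20   ; relative to the zone
www              IN CNAME  coherent
desktop          IN A      10.0.1.2
laptop           IN A      10.0.1.7
"""

SAMPLE_STATIC_MAPS = [
    ("02:00:00:00:00:01", "10.0.0.20", "coherent"),
    ("02:00:00:00:00:02", "10.0.1.3", "desktop"),   # changed in DHCP only
    ("02:00:00:00:00:03", "10.0.3.5", "phone"),     # never added to DNS
]


def fqdn(name, origin):
    """Expand an owner name: a trailing dot means it is already qualified."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_a_records(zone_text, origin):
    """Return {fully qualified name: set of IPv4 addresses} for all A records."""
    records, owner = {}, origin
    for raw in zone_text.splitlines():
        text = raw.split(";", 1)[0]          # drop zone-file comments
        fields = text.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):
            continue
        if not text[0].isspace():            # a blank owner repeats the last one
            owner = fqdn(fields[0], origin)
            fields = fields[1:]
        # What is left is "[ttl] [class] type rdata"; keep only type A.
        if len(fields) >= 2 and fields[-2].upper() == "A":
            records.setdefault(owner, set()).add(fields[-1])
    return records


def cross_check(static_maps, zone_text, origin):
    """List (problem, name, ip) tuples where DHCP and DNS disagree."""
    a_records = parse_a_records(zone_text, origin)
    findings, mapped_names, mapped_ips = [], set(), set()
    for _mac, ip, host in static_maps:
        name = fqdn(host, origin)
        mapped_names.add(name)
        mapped_ips.add(ip)
        if name not in a_records:
            findings.append(("missing-in-dns", name, ip))
        elif ip not in a_records[name]:
            findings.append(("ip-mismatch", name, ip))
    # DNS names without a static map are fine when they share the address of
    # a mapped machine (for example the zone's own A record).
    for name in sorted(a_records):
        if name not in mapped_names:
            for ip in sorted(a_records[name] - mapped_ips):
                findings.append(("missing-in-dhcp", name, ip))
    return findings


if __name__ == "__main__":
    for problem, name, ip in cross_check(SAMPLE_STATIC_MAPS, SAMPLE_ZONE,
                                         "westergaard.eu."):
        print(problem, name, ip)
```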

Finally, we need to add some Aliases.  I usually give my machines meaningful names (to me, they’re chosen from concepts of category theory) and create aliases for services.  In this case, my web-server (www) is hosted on coherent, and my subversion server is hosted on the same as the rest of my web-server.  This is very useful for migrating services.

Alias (CNAME) Record Creation

Next up is the reverse mapping creation, or, not really, because the tool automatically creates these.  If multiple names map to a single IP, you may need to select the correct one, however.

Reverse (PTR) DNS Mapping
Choosing Among the Available Reverse Mappings

The default settings for forwarding are reasonable (accept recursive lookups from local machines, forward to the root server).  I suppose you could add your ISP to the list of forwarder addresses.

Forwarder Settings

Database (MySQL) Server

Next up is the database server.  OS X ships with MySQL and as I have been using that until now, this was an easy choice.  The actual setup was easy – as soon as it is switched on in Services and started, it is running.  The only setup I had to do was setting it up to allow network connections:

Database Server Setup

The rest is just loading the data and using the new server.  This was also the problem, since all the users of the database (PHP scripts) had been hardcoded to use localhost, which, of course, is a problem when that is no longer true.

I set up a mapping for mysql.westergaard.eu. Then I modified MySQL’s settings to allow connections from % (connecting to localhost and connecting to mysql.westergaard.eu are not the same even if they are the same machine, as it is possible to use Unix pipes in the first case, whereas TCP needs to be used in the second). Note that % is MySQL’s wildcard for any client host, so an account set up this way accepts logins from every machine that can reach the MySQL port. Then I went thru all my PHP scripts and changed them to use the new name, testing that everything still ran.

Stor MySQL Explorer

Next up is the migration of data. Here mysqldump is your friend. It dumps an entire database into SQL code that can be loaded, at least, on another MySQL server. Most likely also on other servers as long as it is not too complex. I used the program Stor (left) to see which databases to dump (as I got it cheaply from The Mac Sale). Stor also comes with a dump mechanism, but it doesn’t seem to work very well, so I don’t recommend using it yet. As I had been running the database for 8-9 years, it did contain some stale data, and this was a nice opportunity to clean up a bit (only migrating 11 of 31 databases and cleaning up a couple gigabytes of cache stored in some of the remaining databases).

Of course, the layout of the permissions table had changed slightly, so a bit of MacVim regular expressions were needed before being able to load the user and db tables into the mysql database, but after that (and a quick DNS update), the database was migrated.

Web Server

Next up was the last major task, the web-server.  It hosts quite a few domains and uses some rather weird settings.  This is due to the fact that my old server has been running using a configuration file that has slowly evolved over 11 or so years.  Basically, new things have been added and old things have just been allowed to survive, while redirects have been added to direct people to new or old stuff appropriately.  Also, the server hosts around 10 domains (or used to, at least).  Let’s first look at the generic server settings.

Adding Content Handler for PHP3 Files

I need to set up the server to handle .php3 files as PHP scripts as, when I started my old homepage, this was how you named PHP scripts. Then a couple years later, PHP4 emerged making the trend a bit old-fashioned. I do this by adding a content handler under Web, Settings, MIME Types (right).

Next up is configuration of modules.  It is imperative that you do not disable the HTTP proxy modules, as the server depends on these and fails miserably if you do.  Basically, only turn things on unless you know what you do and are prepared to handle a few misfits with the server.

Web Server Module Configuration

Now we want to configure our sites.  See, this is fun.  “Kick-me-in-the-groin and call me Hitler” kind of fun.  The configurator works most of the time for most of the things you’d want.  But it has bugs and sometimes fails miserably.  Let’s go thru the things that work first and mention some pitfalls when they are relevant.  I’ll mention some troubleshooting tools after going thru the basic setup.

Go to Sites.  An old default site may already exist.  We don’t need that, so just delete it by clicking on the minus.  Then click on the plus to create a new site.  If you’ll host more than one site, you need to enter a meaningful Host Name, otherwise default will do.  Choose where you put your files (Web Folder).  Most of the General settings should be fine.  Note that the Error Document is crucially important and so is the Document Root.  The server will silently fail unless you set them.  Fun, huh?

Web Server Site General Settings

Next up is the Options.  Chances are you need to tweak these.  Folder Listing is generally a bad idea (unless you also want WebDAV, which you won’t unless you know what it is or use FrontPage).  CGI and SSI you’ll not need.  If you do, you’re doing something wrong.  Allow All Overrides should most likely not be turned on, unless you happen to use WordPress, which relies on this setting.  My settings are:

Site Options

Let’s skip Realms and go to Logging.  I’ve enabled both error and access logs.  The error log is needed for error-finding (duh 😉 ) and the access log is neat for generating visitor statistics, e.g., using Awstats.  I keep my access log forever (have done so for years) and archive the error log every 7 days (if I don’t discover a problem before, it’s not worth going thru old logs for).

Logging Settings

Next we can enable SSL.  You’ll need to make a copy of your web-site for this (in the Server Admin, not the files), so we won’t do this now.  You can use the two windows-thingy next to the minus to clone a site configuration.

SSL Site Settings

Next up is the big bag of hurt, the Aliases settings (below, left).  They are used to assign more than one name to a server, to integrate another namespace into your server and to direct users to other servers.  The web-server aliases can contain alternate names.  To improve your ranking for search machines, I suggest not adding anything here (I’ll show later how to do instead).  Server Admin may, however, insist on adding an alias *, which matches everything, causing all below servers to not work. Nice, huh?

Alias Setup

Aliases allow you to share files between sites.  Server Admin automatically inserts 3 aliases, collaboration, icons, and error. I haven’t investigated what collaboration does, but icons contains file type icons used for directory listings and error contains error documents, and they do no harm.

Next comes a bunch of custom redirects, which direct old links to appropriate new or old pages. I prefer RedirectMatch as it allows me to use regular expressions. I basically write the old URL and the new URL. For simple examples, refer to the screenshot to the left; for some more intricate rules, see below:

More Interesting Alias Examples

I don’t use the proxy settings, so I won’t go thru them, but the web-services are interesting.  They allow you to set up some basic services on your web-site, such as wikis, blogs, a web-calendar and a web-mail.  Simply tick the one you want, and click the little arrow to have the tool take you directly to your new service.

Web Services

Troubleshooting the Web Server

I have mentioned a couple of problems (on the general tab and the aliases tab).  I encountered these problems myself, and it was great fun.  The reason is that the web-server doesn’t notice this.  As soon as you click save, the web-server is automatically restarted.  You can also manually restart the web-server by clicking on Stop Web near the bottom left and then Start Web, which appears in the same place.  All may seem fine, but your server will not necessarily respond because Server Admin has generated code that Apache (the web-server included) will not accept.

I suggest that after making a change to your web-configuration, you go to a command line on your server (the easier way to do this is to click on the gear near the bottom left and choose Share Server’s Screen).  Then open a terminal (from Applications, Utilities) and type apachectl -t like this:

coherent:wp-content admin$ apachectl -t
Syntax OK
coherent:wp-content admin$

If there is a problem, you may be able to figure out what causes it by examining the output of apachectl.

It may also be interesting to know that the PHP settings hide errors rather than showing them (which surprised me, as I’ve always had it report the errors) and it has turned off short tags, causing some PHP code to break (that one was fun debugging without any error reports 😉 ).  If you want to change it, look at /etc/php.ini, in particular the settings display_errors, error_reporting, and short_open_tag.

More Advanced Web Server topics

If your site is known using multiple names, it is wise to collect them under a single name, as all links will be counted as going to the same site by search engines. Therefore all the other names should redirect to this name rather than just serving up pages. For this, I create a separate site with no enabled services:

Alias 1
Alias 2
Alias 3
Alias 4
Alias 5

The idea is to make the Aliases take care of everything for us, so we add web server aliases for all possible names for the server.  We can use wildcards (*) as desired.  We then add a RedirectMatch rule forwarding any page to the corresponding page on the primary name.  That way, hello.world.klafbang.eu/2009/11/setting-up-mac-mini-server-for-basic-operation/ is directed to westergaard.eu/2009/11/setting-up-mac-mini-server-for-basic-operation/. In my setup, I spell out all alternate names for my server and add a wildcard domain at the end directing everything. This is just to allow me to easily move the wildcard domain to another site if needed, as the other names will still work.

Alias Setup

Subversion Server

For setting up Subversion, I used this (archived) guide as starting point.  It basically says enable all modules with svn in their names and create a site with a realm for your subversion repository.

Subversion Options

Unfortunately, subversion does not play nice with the redirection rules of WordPress, so I instead set up a blank site, svn, for this.  I added redirects from the old server to the new server for /phd, /subversion, and /kurser (the three last redirects above before troubleshooting).  The settings are like for the alias site just above, except we enable WebDAV (right), and fiddle with the realms.  The guide proposes adding a realm for your subversion repository.  Unfortunately my setup is a bit more complicated, and I have more repositories and slightly more involved settings.  Rather than mucking about with that, I created three Realms:

Subversion Realms
Subversion Realm Editing

Then I save the configuration – I don’t bother with setting users/groups (you may want to add the users to have an example to go by).  Then you manually need to edit your site configuration in /etc/apache2/sites. The name depends on the order you created your sites, but contains the name of the site and should be recognizable – mine’s called 0008_any_80_svn.westergaard.eu.conf. Modify the <Location …> section(s) created. I have modified my /phd location to:

<Location "/phd">
        AuthType Digest
        # Server Admin resets the next line to "DAV Off" on every save
        DAV svn
        SVNPath /Library/WebServer/Subversion/phd/
        # Only methods other than these read-only ones require a login
        <LimitExcept GET OPTIONS PROPFIND REPORT>
                Require user  michael michael@COHERENT.WESTERGAARD.EU
        </LimitExcept>
        AuthName "westergaard.eu phd svn"
        Order allow,deny
        Allow from all
</Location>
# Require outside <LimitExcept> applies to every method, reads included
<Location "/phd/trunk/review">
        Require user  michael michael@COHERENT.WESTERGAARD.EU
        Order allow,deny
        Allow from all
</Location>
<Location "/phd/trunk/old">
        Require user  michael michael@COHERENT.WESTERGAARD.EU
        Order allow,deny
        Allow from all
</Location>

I have added DAV svn (Server Admin is going to change that to DAV Off every time you make a change, so you’ll need to change that manually each time – fun) and SVNPath. I have put my Subversion repositories in /Library/WebServer/Subversion, next to the web-sites, but you are free to put them where you want, I guess. There was a <Limit …> directive, which I replaced by LimitExcept. This construction allows everybody to read my repository without a password. Adding the Order and Allow seemed to be necessary as well for me. The two additional <Location …> sections require a password even for reading the specified locations (not everybody should be able to read my reviews or old stuff).
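
A check for the drift described above, as an added example (not the author's or Apple's code): it parses the <Location> blocks of a site file, flags any block where SVNPath is set but DAV is no longer svn, and reports whether reads need a login. The /kurser block and its SVNPath are constructed, the page's blocks are abridged, and the rule that later, more specific blocks override earlier ones is a simplified model of how Apache merges them.

```python
import re
import sys

# Two of the page's blocks (abridged) plus one constructed block (/kurser,
# with a made-up SVNPath) in the state Server Admin leaves behind after a save.
SAMPLE_CONF = '''\
<Location "/phd">
        AuthType Digest
        DAV svn
        SVNPath /Library/WebServer/Subversion/phd/
        <LimitExcept GET OPTIONS PROPFIND REPORT>
                Require user  michael michael@COHERENT.WESTERGAARD.EU
        </LimitExcept>
        AuthName "westergaard.eu phd svn"
</Location>
<Location "/phd/trunk/review">
        Require user  michael michael@COHERENT.WESTERGAARD.EU
</Location>
<Location "/kurser">
        AuthType Digest
        DAV Off
        SVNPath /Library/WebServer/Subversion/kurser/
</Location>
'''

OPEN = re.compile(r'<(LimitExcept|Limit|Location)\s+(.*?)>\s*$', re.I)
CLOSE = re.compile(r'</(LimitExcept|Limit|Location)>\s*$', re.I)


def parse_locations(conf_text):
    """Return one dict per <Location> block, in file order."""
    locations, current, limit = [], None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened, closed = OPEN.match(line), CLOSE.match(line)
        if opened:
            kind, arg = opened.group(1).lower(), opened.group(2)
            if kind == 'location':
                current = {'path': arg.strip('"\' '), 'dav': None,
                           'svnpath': None, 'auth': None}
                locations.append(current)
            elif current is not None:
                limit = (kind, arg.upper().split())
        elif closed:
            if closed.group(1).lower() == 'location':
                current = None
            limit = None
        elif current is not None:
            words = line.split()
            name = words[0].lower()
            if name == 'dav' and len(words) > 1:
                current['dav'] = words[1].lower()
            elif name == 'svnpath' and len(words) > 1:
                current['svnpath'] = words[1]
            elif name == 'require':
                # Outside a <Limit*> container, Require covers every method.
                current['auth'] = limit or ('all', [])
    return locations


def effective(locations, path):
    """Merge every block covering `path`; later blocks override earlier ones."""
    merged = {'dav': None, 'svnpath': None, 'auth': None}
    for loc in locations:
        base = loc['path'].rstrip('/')
        if path == base or path.startswith(base + '/'):
            for key in merged:
                if loc[key] is not None:
                    merged[key] = loc[key]
    return merged


def read_access(auth):
    """Say whether a GET needs a login for this placement of Require."""
    if auth is None:
        return 'anonymous'
    kind, methods = auth
    if kind == 'all':
        return 'authenticated'
    listed = 'GET' in methods
    if kind == 'limitexcept':            # listed methods are exempt
        return 'anonymous' if listed else 'authenticated'
    return 'authenticated' if listed else 'anonymous'   # plain <Limit>


def audit(conf_text):
    """Return [{'path', 'read', 'problems'}] for every <Location> block."""
    locations, report = parse_locations(conf_text), []
    for loc in locations:
        eff, problems = effective(locations, loc['path']), []
        if eff['svnpath'] and eff['dav'] != 'svn':
            problems.append('SVNPath set but DAV is %s: restore "DAV svn"'
                            % (eff['dav'] or 'unset'))
        if eff['dav'] == 'svn' and eff['auth'] is None:
            problems.append('no Require: repository is writable without a login')
        report.append({'path': loc['path'], 'read': read_access(eff['auth']),
                       'problems': problems})
    return report


if __name__ == '__main__':
    # Pass site files as arguments; with none, the embedded sample is used.
    for text in [open(p).read() for p in sys.argv[1:]] or [SAMPLE_CONF]:
        for row in audit(text):
            print(row['path'], row['read'], '; '.join(row['problems']) or 'ok')
```

Running it over the files in /etc/apache2/sites after each Server Admin save complements apachectl -t, which only checks syntax and accepts a DAV Off line without complaint.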

Summary

This concludes my brief overview of setting up a Mac Mini Server for basic operation.  I have gone thru most basic settings many will need and some settings few will need.  I have not gone thru my VPN and Xgrid settings as they are quite specialized and I have not even started using either yet, so I don’t know if they are set up correctly.  The server is also able to act as a firewall and as a Time Machine backup server, but I don’t have use for that (I have devices for both of these), so I haven’t investigated too thoroughly.

In conclusion, I can say that the Mac Mini Server is quite nice and fast for the price, and additionally it’s quiet and uses relatively little power (110 W).  Also, it’s fairly cool that I’m able to transfer files from the server to my iMac at 40-50 MB/s 🙂

Edit: If you came here looking for information on setting up a VPN end-point or a file server, I’ve written a post on that as well.

22 thoughts on “Setting Up Mac Mini Server for Basic Operation”

  1. Fantastic post!
    This is the information I needed to start with my first server, a Mac Mini Server. I should follow these hints to set up my future server.
    Thank you for sharing with us!

  2. Hi! Michael,

    I found it difficult to start my mail server.
    I can send out mail from webmail, but I can’t
    receive mail from outside. Any problem on
    my setting? Can you adv. Tks!

    Patrick

    1. Hi Patrick,

      Firstly, you need to set an MX record in DNS to tell the world around you to direct mail to your domain to your server. Secondly, some ISPs block port 25 (used for mail) and require you relay the mail thru their servers. This is usually done by setting your own server as top priority and setting the ISP server using a lower priority. Check with your ISP for details.

      1. What if I just wanted to create a server so I can access all my music, pictures and videos from any computer or iPhone in the house?

        I just bought a mac mini for my server, but haven’t bought the server software yet. I am just looking for a cheap solution and I apologize now I am completely dumb when it comes to networks and servers.

        Thanks in advance!

        1. You do not need any server software for that. The OS X server software is a separate, quite expensive, operating system. It is mostly used by small/mid-size companies for acting as internal server or for serving web-pages. Only a few weirdos (like me) get one for personal purposes (such as running this web-site). If you really think you need OS X server, I suggest holding up for OS X Lion, which probably goes on sale this fall or early next year (just a guess). It contains the server functionality at no extra charge.

          For serving as a music server at home, by far the easier way is to use iTunes and iTunes sharing. That allows you to play music from any Mac/PC/iPhone/iPad/iPod Touch/Apple TV on the same network. You can also set up home sharing which allows you to additionally copy the music around different computers. iTunes also works for movie sharing. The only downside of this is that it only works if the music/movies are in a compatible format, which explicitly excludes Windows Media, Ogg Vorbis/Theora and DivX.

          For pictures, just use iPhoto. You can access local libraries the same way as with iTunes from any other Mac.

          If you run iPhoto and iTunes on the server, you can use either iTunes/iPhoto on all clients or you can use Frontrow for browsing everything from within one application.

  3. Hey Michael,

    Man, this is an awesome post. I just bought my first mac mini server yesterday. I have never set up a server, so I’m learning as I go. The problem I had with your post, was I had no idea what you were talking about. I wish you were able to walk me through set up. I don’t know anything about DNS or IP’s or servers. Any advice would be great.

    Thanks,
    Abram

    1. Hi Abram,

      Both are huge topics that cannot be easily conveyed. Basically, IPs function as the addresses of computers on the internet (think phone numbers) and DNS functions as the white pages in phone books (mapping names of persons to phone numbers), by translating names such as westergaard.eu to 145.120.13.213 (my current IP address).

      For the best understanding, I recommend reading a text book on networking (I’ve used Tanenbaum & Steen: Distributed Systems: Principles and Paradigms. Second Edition from Prentice Hall in my distributed systems course, but there are many others) or using Wikipedia as a starting point (e.g., http://en.wikipedia.org/wiki/Internet_Protocol).

  4. Michael
    Is there a way to setup where people can send email through the mac mini even though their isp’s block port 25?

    1. Hi Ron,

      Sure. It depends a bit on your usage scenario, though. Basically, I can think of three scenarios and they have to be resolved in three different ways.

      Scenario 1: You want to use the server on an intranet to send mail outside, but ISP is blocking outgoing traffic on port 25.
      This is a common scenario as many viruses set up a mail-server for spamming. To prevent this, the ISP blocks port 25 and forces you to go thru their mail-server. The fix is just to set up the Mac mini to relay thru the mail-server of your ISP. You’ll get an extra header, but your server handles everything. Set up a forwarder like this:

      Scenario 2: You want to receive mail for your domain from the internet, but your ISP blocks ingoing SMTP.
      This is equally common, even though I cannot see any obvious way to exploit incoming connections. Perhaps it’s easier just blocking in both directions? You cannot fix this without help from your ISP. Some ISPs are friendly enough and set up a forwarding mail server you can use. The idea is that you set your own server with the highest priority and their server with a lower priority. Clients on the internet will not be able to connect directly to your server, and try the next on the list. The ISP server will then do the same, but is able to connect to your server. If your ISP does this, just set up DNS as here:

      If your ISP does not do this, you’ll need an external server which is ready to forward on another port or via SMTPS.

      Scenario 3: You want to send mail via your server from the internet (i.e., have a single mail-server no matter where you are).
      This is blocked by the same measures as in Scenario 2, but the solution is (can be) another. The easy solution is to enable VPN and just send externally as if you were at home.

      The other solution is to set up your server to use SMTPS, i.e., encrypted SMTP over SSL. As this cannot be abused, few providers block this (as outgoing SMTP is needed anyway for this to be abusable). Simply enable/require encrypted SSL and while you’re at it do the same for IMAP/POP. There’s really no reason not to use encrypted connections. SMTP over SSL runs on port 587 or 465, so you’ll need to have these ports open. SMTPS cannot (as far as I know) be used to receive mail in a standard way. Set up encryption here:

  5. Hi Michael,

    Have difficulty finding out how to change am/pm to 24t in the wiki calendar, do you have no idea how to do it?

    1. I can see why that is… I cannot find a setting, and even rummaging around in the code does not reveal anything. The wiki server themes are located in /Library/Application Support/WikiServer/Themes, which contain some localization entries, but even altering these does not seem to change anything.

      I must say, though, that the wiki server is fairly limited, and unless you plan to use it using an OS X directory, I suggest switching to a more powerful wiki server, such as MediaWiki (used by Wikipedia), which is easy to set up and use on OS X (it uses MySQL, which is pre-installed on OS X). You should even (though I’m now just speculating) be able to get MediaWiki to authenticate against an OS X directory, as I’ve previously successfully made MediaWiki integrate with LDAP, which is also used by the OS X directory service. LDAP support requires a separate plug-in for MediaWiki.

  6. Hi Michael,

    First of all, thanks for posting this. Very helpful.

    Second, I wanted to get your thoughts on setting up a couple “remote” Mac Mini servers as I have zero experience setting up servers. Essentially, I have 2 Mac Minis sitting at a friend’s house that share an internet connection through a 4-port DSL modem. From my home, I want to be able to SSH into each of these servers independently, using a root account for each server. A) Is this possible? B) Being that the ISP assigns a single static IP for the DSL connection, how can I also assign an IP address for each server that will resolve over the interwebs when I try to hit them from home via SSH?

    Any insights would be awesome – thanks!

    1. Hi Chris,

      Glad you liked my writeup.

      It is definitely possible to set up multiple servers behind one modem. You should be aware of some restrictions, though.

      First, in OS X, you don’t use root accounts, but administrator accounts. They are basically regular users who has the ability to escalate their privileges. For the most part, as long as you’re in the GUI, there is no difference, but ass soon as you are in the shell, there are things you cannot even do as an administrator (looking at other administrators’ files, e.g.). You can circumvent this by using “sudo bash” in the shell, which gived you a “real” root terminal. Don’t do that unless you know what you are doing, though, as you can completely destroy your system by mistake like this.

      Second, regarding having multiple computers sharing the same external address. That is possible, but with some restrictions. Let’s assume you have two computers sharing a single public address (so you have an internal IP for each and they use NAT to share a single external addfress). In order to get to a service on a computer, you need to know it’s address (IP) and the port number of the service. Web-servers typically run on port 80 and ssh servers on port 22 (and so on for many pre-defined services). If you type in an address, like westergaard.eu, it is translated to the IP of the correct web-server, which is then automatically contacted at port 80. It is possible to run web-servers for two DNS names running on the same server, using some magic in the HTTP protocol (the client tells the server which one it wants; for example westergaard.eu and lfpedia.com point to the same IP but different sites). You cannot, however have two servers serving separate web-sites from the same external IP. An IP and a port is routed to a particular machine. You can circumvent this by running web-servers on different ports, so you contact, say, www1.westergaard.eu and www2.westergaard.eu:81, where the 81 indicates that the web-server does not run on the standard port 80, but instead on port 81.

      You can do something similar with ssh. Simply run the sshd daemon on different ports, say 22 for the “main” server and 2222 for the secondary (port 23 is used for telnet and while this is rarely used anymore, using it for ssh may get you a bunch of unwanted attempts at breaking in via telnet). You can use any port you want and most clients will understand this – use the -p switch for the terminal ssh client. Then set up your firewall/router to forward ports individually based on port number. On my old firewall, part of my service setup is:

      where 10.0.0.20 is my server and 10.0.1.2 is my desktop. Here my web-server is sent to my server whereas ssh is sent to my desktop. You can also send the same service to different machines, but not using the same external port.

      If you prefer not to have different external ports, you can just have one “main” machine and ssh to that. From that machine, you can then reach the others on your internal network.

      I have (almost) always gone with the last solution, as remembering weird port names for each machine becomes a pain.

      I should say you also have a third, secret, option. It is to internally use IPv6 and have a router that understands one of the IPv6 over IPv4 tunneling protocols (6to4 is the most popular one today). You then have 16 billion billion IP addresses for your machine (from just one external static IPv4 IP). Assign each internal machine an IPv6 address from that prefix and have your machine correctly route 6to4 traffic (all Apple routers do this correctly). This of course requires that each machine you want to use to connect to your internal network has access to IPv6 (natively or via a 6to4 gateway), which is the biggest problem. I used to use this solution (though using an older tunneling mechanism called 6bone), and it works well. It is by far the most advanced one to set up, though.

      Finally, you should ask yourself whether, if you need multiple servers that all should be accessible externally, it is not really worth getting a real hosting solution with separate IP addresses for each. More often than not, the limiting factor is not the server but the internet connection. My site is hosted at home on a single Mac Mini on a 10/10 Mbit/s connection and my Mini is still also acting as internal server, including eyeTV server, and is running at 10-20% load.
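
The two mechanisms in the reply above, modelled as an added example that is not part of the original comment: a router forwards each external protocol/port to exactly one internal machine, while one web server can still tell several site names apart by the HTTP Host header. The addresses 10.0.0.20 and 10.0.1.2 and the two site names come from the thread; the forward on port 2222, the document roots and every class and function name are constructed for illustration.

```python
class ForwardConflict(Exception):
    """Two rules claim the same external protocol/port."""


class ForwardTable:
    """Router port forwards: one (protocol, external port) -> one internal target."""

    def __init__(self):
        self.rules = {}

    def add(self, proto, ext_port, host, int_port):
        key, target = (proto, ext_port), (host, int_port)
        if self.rules.get(key, target) != target:
            raise ForwardConflict(f"{proto}/{ext_port} already goes to {self.rules[key]}")
        self.rules[key] = target

    def route(self, proto, ext_port):
        # None means no forward exists, so the router drops the connection.
        return self.rules.get((proto, ext_port))


def pick_site(raw_request, sites, default):
    """Name-based virtual hosting: pick a site from the HTTP Host header."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
            if not host.startswith("["):         # leave IPv6 literals alone
                host = host.split(":", 1)[0]     # drop an explicit port such as :81
            return sites.get(host, default)
    return default                               # HTTP/1.0 client without Host


def build_table():
    table = ForwardTable()
    table.add("tcp", 80, "10.0.0.20", 80)      # web -> server (addresses from the thread)
    table.add("tcp", 22, "10.0.1.2", 22)       # ssh -> desktop
    table.add("tcp", 2222, "10.0.0.20", 22)    # constructed: server's ssh on another external port
    return table


# Hypothetical document roots; both names resolve to the same IP and port 80.
SITES = {"westergaard.eu": "/sites/westergaard", "lfpedia.com": "/sites/lfpedia"}

if __name__ == "__main__":
    table = build_table()
    print(table.route("tcp", 2222))
    print(pick_site(b"GET / HTTP/1.1\r\nHost: lfpedia.com\r\n\r\n", SITES, None))
```

Every entry in such a table is a service reachable from the internet, so an external port with no rule is simply unreachable; the single "main" machine approach keeps that list to one ssh forward.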

      1. Thanks so much for the info. I’ll probably try the approach of routing a port to a specific server and then accepting SSH only on this port with the proper account credentials. As to why we’re not using a hosting solution, well, we have hosting right now through slicehost and EC2 but the cost is becoming prohibitive for the type of server resources that we need – low RAM/high CPU intensive data mining and processing. For the cost of only four months of monthly fees to Amazon and rackspace, we can buy and maintain 2 of our own servers until we have the funding to go back to a proper cloud computing/hosting environment.

        Anyway, thanks again for everything!

        Best,

        Chris

  7. Thanks. I own a Mac mini 10.6.8 SL. I use it for personal use and family.

    I wonder if it is possible to use my existing Mac mini as a server. I plan to install things like Joomla for content management.

    Will it lose its functionality as a computer after it is dedicated as a server?

    1. Hi Mark,

      It is indeed possible to use regular OS X as a web server. It even comes with the Personal Web Server (which is the same software as on the server, but with way less configuration options). There is a good-looking guide for setting it up at https://pagekite.net/wiki/Howto/Mac/PersonalWebServer/

      If you want a bit more freedom, I can also recommend looking into MAMP, which contains everything you need to run a web server on OS X. You can get MAMP at http://www.mamp.info/en/index.html The free personal edition should be enough for you.

      You can get the same functionality as MAMP by manually configuring the Apache installation shipping with OS X. If that doesn’t sound familiar to you, don’t consider this. It is no fun.

      The main difference between OS X and OS X Server is that the server comes with a bunch of server applications for running small to mid size companies, including directory servers for allowing users to log in to many machines and have their files available at all times, DNS servers, etc. For just running a web site that is overkill.

      You can still use the machine while it is serving web pages. Unless you get a LOT of hits, you won’t even notice any performance hit, as serving web pages is very light-weight. The only downside is that running the computer as a desktop as well has a tendency of making it a little less stable as desktop applications are less stable than pure server applications. Thus your web site may run a bit less stable, but unless you are considering anything less than 99.99% uptime awful, don’t worry about this either (99.55% uptime means less than one hour down-time a year). Google doesn’t promise or give you that high up-time (they only give 99%, i.e., up to 3.5 days down-time a year).

  8. Not to derail the discussion, but…
    If you need zero downtime, you may consider an IBM System Z Mainframe, where “Z” stands for “zero-downtime” 🙂
    Optimized for millions of transactions — if you want to run a bank e.g. Who doesn’t.

    Given the low price for Lion Server ($50), I have thought of purchasing it, just to have it and find things that I might need. Maybe I need a box computer first.

    1. I’m sure that everybody looking into OS X Server is interested in IBM Z and 360 😉

      Remember Lion Server needs a regular Lion license as well. Unless you need the Wiki server, Mail server or directory services, it does not offer much of interest anymore after they horribly crippled the server administration as the new Server.app. And they removed MySQL (the major reason I have not upgraded my SL to Lion or Mountain Lion).

      Maybe I should try installing Mountain Lion Server and see if it is getting better.

  9. Hey Michael, great article first of all. I am using a MAC Mini OS X version 10.7.4. I do not know much about MACs or how to use them but my boss is doing a project and would like me to set it up for her. I was wondering if you could help me step by step on how to set this server up? I can provide more info with a reply to my email. Thanks

    1. Hi Rob,

      With 10.8 out, I’m not planning on making a write-up for 10.7. I am considering upgrading to 10.8 in the hope that the threading issue in Apache has been addressed, but there is no time-frame as of yet.
