How do I multi-home Lion Server

Similar Messages

• How To Set Up Mountain Lion Server/Point DNS to Mac Mini Server

  Hello, First of all I have no experience with setting up servers whatsoever. Below is what I have
  - Mac Mini with Mountain Lion Server
  - Time Capsule as my router
  - Comcast as my service provider
  My goal is to set up my MacMini as a sharepoint for files and other data with my other partners.
  - I have purchased a domaine name from NetworkSolutions. Does this mean that they are my DNS hosting as well? Not really sure. My biggest question is how to point my DNS to my mac mini server correctly.
  1. How do you point the DNS to my mac mini server.
  2. I've read somewhere to use the IP address from my mac mini server. The only IP address I see is from my Time Capsule (router). I know what my public IP adress is but I am not sure if that's the one to use. I think once I figure this DNS thing I can figure out the rest.
  Thanks - Need lots of help.

  Here's a detailed write-up on setting up internal (private) DNS on OS X Server, and no, you're probably not going to be setting up external DNS on your servers.  Your public DNS service will be hosted on and served from the Network Solutions DNS servers.

• How can I make my Lion Server into a Lion Workstation?

  How can I downgrade my Mac OS X Lion Server to just a standard Mac OS X Lion machine?
  I've tried everything including re-installing Lion. When re-installing Lion, it seems to automatically pickup on the fact that this is a Server OS & installs Lion Server OS.
  I want to simply downgrade my Lion machine to be running the standard Lion OS instead of Lion Server.
  In case you're wondering, this is on my iMac 27" which I originally upgraded from Snow Leopard to Lion, then from Lion to Lion Server.

  @Chris BeHanna
  You were right for the firewall Issue. I was also running IPSecuritas and I installed Lion Server and the traffic stopped responding on the tunnel, although it connected well.
  I figured out that, for some reason, even if the ServerAdmin indicated that the server firewall (my local "new" server, my own machine) was inactive, some rules must had been set during Server.app installation.
  Anyway, what I did was activate the firewall, and then, allow all traffic on every ip. You can do that in the ServerAdmin app.
  And then the traffic turned back on, on the IPSecuritas tunnels.
  The next step would be to be configure rules precisely, but since I am already behind a firewall, I prefer using a "transparent" setting.

• How do i configure my lion server to update my other workstations

  I have a brand new Mac OS X Lion server. How do I go about setting up my Lion server to download updates for my other workstations (about 30). These workstations are mixed with Macbook Pros using 10.6 as well as some using 10.7, iMac's using 10.6 and 10.7 and Mac Pros using 10.7.
  What do I need to do on the client side as well so that they can download from my OS X server. I have created a DNS entry for my OS X server in my DNS as well as a static IP.

  How do I go about setting up my Lion server to download updates for my other workstations
  Use Server Admin to turn on the Software Update Server. Give it a while to download all the updates. Done.
  What do I need to do on the client side as well so that they can download from my OS X server
  How do the clients connect to the server? Are they using central accounts via Open Directory? or are they local accounts on each machine.
  If you're using Open Directory you can control the software update server via Workgroup Manager, otherwise you'll need to walk through each machine and update its software update configuration. Apple have a tech note that describes how to manually configure each client to use your server.

• How do I RE-Configure Lion Server?

  So, i was playing with Lion Server, and had managed to Mail to recieve, but not send messages, and webmail sems to be all messed up.
  How do i Re-run the Configuration for  Lion server? It's a remote Mac Mini, so i am not able to be physically at the machine and wipe/rebuild it. I would like to do it all remotely if possible. Is there a way to wipe all the settings except network, IP, and remote acces, and reset it all up?
  I could have sworn there was a configure utility in 10.5 that you could re-run to input the serial, set admin accounts and so forth.
  The server is socialgraphics.com if it matters. I think i got DNS set up right, but the server is wonky, and i'd like to just reconfigure if possible
  Thanks!

  Hi Paul
  You can still download Lion (and the Server App for Lion) from the App Store by calling Apple Sales (in the US this would be 1-800-692-7753) and paying for a redemption code. I think it's $20? I'm not sure what number you call outside of the US? Apple's Service & Support page may help?
  http://support.apple.com/kb/HE57?viewlocale=en_US&locale=en_US
  If I've understood your post correctly you may not have to do any of the above?
  "I wish to put 10.7 on another device that does not support 10.8 but don't know how to do it?"
  Assuming your existing 10.7 Server is still active why can't you target disk mode (over firewire) the device that does not support 10.8 and either use CarbonCopyCloner or use Disk Utility to restore? When you're happy migrate to 10.8.
  HTH?
  Tony

• How to reinstall OS X Lion Server

  I'm newbie os x admin . I bought new Mac Mini 2010 with Lion Server. I want to do RAID 0 with my HDD. 
  I make image for Recovery Partition. Then  format partition and do RAID 0.
  I setup with Mac OS X Lion 10.7 GM build 11A511
  I success to install but .... No Lion Server.
  I try to check Mac Store but I found  I need to buy  Lion Server License ?
  These is my Question
  1.  Lion Server that pre-install with Mac Mini is not license version or not?
  2.  Should  I  restore from  recovery partition  and get Lion Server from them ?
  3.  How I make recovery DVD or anything that easy to reinstall ?
  Thank You very much.

  The 2010 Mac mini Server did not come with Lion Server, it was shipped with Snow Leopard Server. To go from Snow Leopard to Lion is a paid upgrade, not a free update. Up until Snow Leopard there was a SL client OS and a SL Server OS. Now Lion Server is an add-on purchase to the Lion client. So you must buy and install the Lion client, then the second step is to buy and install the Lion Server add-on. You purchase both Lion and Lion Server through the Mac App Store.

• How do I fix my Lion Server Wiki?

  On my Mac Mini with Lion Server when I visit the wiki it always says the server is down. How do I fix this?

  How do I go about setting up my Lion server to download updates for my other workstations
  Use Server Admin to turn on the Software Update Server. Give it a while to download all the updates. Done.
  What do I need to do on the client side as well so that they can download from my OS X server
  How do the clients connect to the server? Are they using central accounts via Open Directory? or are they local accounts on each machine.
  If you're using Open Directory you can control the software update server via Workgroup Manager, otherwise you'll need to walk through each machine and update its software update configuration. Apple have a tech note that describes how to manually configure each client to use your server.

• How to find backup on Lion Server time machine backup?

  I have a MacBook laptop running Lion that has gotten automated Time Machine network backups by my Mac Mini running Lion Server. Had to do a reformat of the laptop and when I used Recovery HD from the laptop to find the laptop backup files on the server, I can't find them.  I can find the server backup file, and the network version of time machine may bundle the laptop backup and mini backup in that file, but Recovery HD claims there are no valid backups.
  Am I doing this the wrong way?  Any help?

  Just found it here:
  https://discussions.apple.com/message/19152432#19152432
  And it worked.
  zeke

• How do I install mountain lion server

  I have a Mini server with 10.7 that I am migrating to 10.8.  I wish to put 10.7 on another device that does not support 10.8 but I do not know how to do it.  In the apple store I can see 10.8 server and I was able to unhide 10.6 but I cannot find 10.7.  Any suggestions?  I cannot see where I could buy it even if I wanted to.
  Paul

  Hi Paul
  You can still download Lion (and the Server App for Lion) from the App Store by calling Apple Sales (in the US this would be 1-800-692-7753) and paying for a redemption code. I think it's $20? I'm not sure what number you call outside of the US? Apple's Service & Support page may help?
  http://support.apple.com/kb/HE57?viewlocale=en_US&locale=en_US
  If I've understood your post correctly you may not have to do any of the above?
  "I wish to put 10.7 on another device that does not support 10.8 but don't know how to do it?"
  Assuming your existing 10.7 Server is still active why can't you target disk mode (over firewire) the device that does not support 10.8 and either use CarbonCopyCloner or use Disk Utility to restore? When you're happy migrate to 10.8.
  HTH?
  Tony

• How to install yosemite on lion server without server application

  I have osx 10.7.5  (that's all it says when I click about this app, but I know the computer was installed with lion with server app originally).  I don't need nor want the server app, and am happy to remove it one way or another.  Server is currently disabled.  I want to know how to upgrade to mavericks or yosemite without any server aspect at all.  Can it be done?  I have googled until my head has exploded and am none the wiser.  Most people seem to be unsuccessful.  I did previously try to install mavericks when it came out but it came up with some random scary message and I cancelled it. 
  Both my mac mini 2011 disks are in use  for different reasons - one tends to be more operational such as the operating system and apps, the other to save all my photos, videos and files mainly.   I have a separate ext hard drive for time machine back ups.
  I have no tech skills whatsoever, so baby language please.  Be specific.  Outline EVERY step in simple language.  Or I will cry! 
  Thanks!
  Jodi

  There's nothing special you have to do. Just upgrade. The Server app won't come back.

• How do I install osx lion server in vmware fusion (app store version)

  i cannot seem to find a way to get a .dmg to download to use / mount / whatever
  mac mini running osx lion

  I just get the "server" application,
  Tried sending it to trash and tried redownloading just to the point where the "downloader" completes but it looks like the server application reappeared.
  Is the server no longer a operating system and is downgraded to a application that runs on top of OSX 10.7?
  How would I go about running OSX Lion then in Vmware fusion then?
  It came preinstalled on my mac mini.

• How to enable realms in Lion Server?

  Hey guys, in Snow Leopard Server I was able to enable realms to password protect a part of my website. How do you do that in Lion? A quick Google search revealed nothing. How are you doing it? Thanks for your help!

  Before you password protect your site, you will need to create a Group of people you want to have access. If you have already created a group and added users to it, skip to step 8.
  1. In the Server app, under Accounts, select Groups on the left.
  2. In the Groups menu in the right pane, click the + button.
  3. Give your Group a name and click done.
  4. Go to Users, under accounts, on the left.
  5. Select the Users you want to be apart of the group by holding down command and clicking on them.
  6. When you have all of the users you want to be apart of the group selected, double click one of them.
  7. Click the + button and begin to type in your Group name. It should autopopulate your group name after a few letters. Select the group, then click Done.
  8. Under Services, select Web.
  9. Select the site you want to add password protected areas to.
  10. Click the pencil button.
  11. Under "Who Can Access:", change "Anyone" to the Group you have created here, or choose "Customize..." to select specific folders within your site to password protect.
  12. Click Done. Now the desired parts of your site will be password protected.

• How to repartition mac mini lion server 10.7.5.

  Purchased Mac Mini Server OS X 10.6 in 2010.  Upgraded to OS X 10.7.5 Server Lion.  This was my first time purchasing any kind of server.  On setup I split the hard drive in half and didn't realize my mistake until the first half of the hard drive (about 500 GB) became full over the years.  The second half (about 500 GB) is empty.  I currenty have a time capsule making back ups. 
  How can I combine both halfs togther to tap into the unused 500 GB?

  Iwas able to fix this issue by going to the Audio Midi setup paneal and changing to 48K bit rate.Works fine now....

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• How to preview graphic files on a home web server setup?

  I apologize if this question is not asked in the most technical way, but here goes:
  I'm read online on how to create a home web server or ftp server on a Mac computer. (I plan to do this with my G5, running OSX 10.6.4)
  I would like to have a library of folders containing all of my graphic files that I've collected over the years in order to have access to them (if needed) when i'm working remotely.
  I want to be able to easily view all of these graphic files like I can with Adobe Bridge (eps, psd, ai, gif, jpg, png, etc).
  Is there software I can use that will allow me to view a gallery thumbnails of all of these file types when I am away from home and logging into the ftp server or web server?
  I know software such as Transmission FTP will allow me to look at one image at a time, but I'd like to view an entire gallery of thumbnails at once for quick reference.
  Thanks in advance.

  Hi johnny-griswold;
  The G5 was called a PowerMac and used a PowerPC processor.
  The MacPro is an Intel based Mac and is capable of running 10.6.4.
  You might what to drop your references to G5 because they are only confusing things.
  Allan