[legacyb4]

CNAME on a CNAME to a HOST record… never thought of doing that! If everything resolves to the Host though, is there any point in doing that?

So if you are working with a single IP address and you want to have a nice, easy to read DNS record for mail and web identification, the Primary Name Server name, the Mail Server name, and the “A” record as set using Bindery should all have the same entry, and a fistful (“www”, “ftp”, and “mail”, etc.) of CNAME records all resolving to that “A” record, correct?

Thanks in advance.

[quote:f0d6a43f01=”MacTroll”]Agreed.

the ns1 is pretty much just by convention. You are more then welcome to make your primary name server xserve.example.com if you want and do away with the ns1 host name altogether.

But as Hotmop said, you need to make sure that only one A record points to a given IP address.[/quote:f0d6a43f01]

[legacyb4]

Having a bit of trouble here with setup:

My server is hosting three different domains with mail services under the three domains; rather, the clients are checking using “mail.domain01.com, mail.domain02.com” etc.

What FQDN should be used when setting up the machine with stunnel?

I tried the “primary” domain but see the following errors:

[i:ce63cc5139]Apr 2 2003 17:05:35 SSL Error: Unable to find keychain pass file /private/var/root/Library/Keychains/certkc.pass.
Apr 2 2003 17:05:35 SSL Error: Unable to unlock keychain /private/var/root/Library/Keychains/certkc.
Apr 2 2003 17:05:35 SSL Error: Cannot find signing key in keychain at /private/var/root/Library/Keychains/certkc. Aborting.
Apr 2 2003 17:05:35 SSL Error: certificate “certkc” not found.
Apr 2 2003 17:05:36 SSL Error: Unable to find keychain pass file /private/var/root/Library/Keychains/certkc.pass.
Apr 2 2003 17:05:36 SSL Error: Unable to unlock keychain /private/var/root/Library/Keychains/certkc.
Apr 2 2003 17:05:36 SSL Error: Cannot find signing key in keychain at /private/var/root/Library/Keychains/certkc. Aborting.
Apr 2 2003 17:05:36 SSL Error: certificate “certkc” not found.[/i:ce63cc5139]

Something about keys not being set up right…?

Thanks in advance.

[quote:ce63cc5139=”MacTroll”]I’m using Apple’s Mail.app in 10.1 and in 10.2 to connect to a self signed certificate without any issues.

Joel[/quote:ce63cc5139]

[legacyb4]

While I haven’t tried it myself as I haven’t had the need so far, I know that [url=http://www.ravantivirus.com/] RAV Antivirus [/url] does publish several options for server-side virus scanning.

A friend of mine was asking about email virus scanning and I found RAV on the Net.

Hope that helps.

[quote:4eee1c11fa=”phoopes”]Does anyone have a reliable virus scanning setup for OSXS 10.2. Using NAV 8 doesn’t really work right, and doesn’t remove all of the viruses…

Looking for suggestions.

Thanks.

Peter[color=#444444:4eee1c11fa][/color:4eee1c11fa][/quote:4eee1c11fa]

[legacyb4]

Meaning surfing non-filtered web content from the library on your own laptop?

[quote:021ccfa03a=”Dave”]I want to browse the web from my OS X laptop using my OSX server (on a remote network) as a web proxy. This is to allow library access. I can configure the laptop, but how do I configure the server?[/quote:021ccfa03a]

[legacyb4]

Honestly, I’m not too sure since the values changed by the Firewall pref pane is stored in:

[b:8aea9ad905]/Library/Preferences/com.apple.sharing.firewall.plist[/b:8aea9ad905]

which is not exactly *Nix. Maybe take a look to see where Brickhouse, etc. store their changes?

Cheers.

[quote:8aea9ad905=”RobotDeathSquad”][quote:8aea9ad905=”legacyb4″]Just a thought, but would using the .conf file from an OS X client work? Or at least provide you with the bulk of the filter info already plugged in?

Cheers.[/quote:8aea9ad905]

Which file controls this?[/quote:8aea9ad905]

[legacyb4]

Just a thought, but would using the .conf file from an OS X client work? Or at least provide you with the bulk of the filter info already plugged in?

Cheers.

[legacyb4]

Joel,

I assume you mean then for the GUI interface to easily manage WebDAV? Hrm… that’s not a good thing.

I’m looking at a content management system:

[url]http://www.squiz.net/[/url]

and it requires PHP 4.2.x or better; however, I’m using WebDAV on the same server… I’m taking a shot at compiling 4.3.1 right now but and getting buried by the various libraries that need to be compiled for different functions.

Cheers.

[quote:3b6d3eda2e=”MacTroll”]The authentication that you lose without that Apple module is for realms.

Without this module you have to create the .htaccess files yourself. Many people do this on their own anyway, so no big deal.

The module has been released by Apple under the APSL so you should be able to compile it back in, but it may break under the newer versions of PHP. I don’t know I’ve never tried.

Joel[/quote:3b6d3eda2e]

[legacyb4]

Not to sure what you mean about not being able to authenticate for mail, etc. as I haven’t had any issues running services for several domains after doing the 4.2.3 update.

In any case, 4.3.1 was released to patch a CGI security hole so it might be worth looking at recompiling anyway.

Cheers.

[quote:fad4ea8fea=”jmao”]While that’s true of Marc’s installer, without apple_auth_module you can’t authenticate against the NetInfo database where I have all my users already for mail, ftp, and afp.

however, a bit more digging and I found a simple straight forward set of instructions on how to compile 4.3.0 on OS X server and it appears to be working.

http://www.onlamp.com/lpt/a/3094[/quote:fad4ea8fea]

[legacyb4]

I did the upgrade to 4.2.3 using Liyanage’s installer.

[url=https://www.afp548.com/eBBS/viewtopic.php?t=205]Earlier post on topic…[/url]

Adding

[b:8c79fa1b59]LoadModule auth_module /usr/libexec/httpd/mod_auth.so[/b:8c79fa1b59]

and

[b:8c79fa1b59]AddModule mod_auth.c[/b:8c79fa1b59]

to the httpd.conf file seems to enable functionality (.htaccess, etc.) and so far, I haven’t come across any major issues with it so far.

Cheers.

[quote:8c79fa1b59=”jmao”]I’d like to upgrade my php install on a 10.2.3 server, but all the “easy” avenues (ie Marc Liyanage, PHP 4.3 install from version tracker,..) work, but break apple_auth_module. I need that mod,…anyone got a way to do this? I’m still learning the unix side of things, so compiling php from source is over my head, particularly as I don’t know which of the many options I need and don’t need.[/quote:8c79fa1b59]

[legacyb4]

I imagine it should be possible if you wanted to reinstall Apache as a standalone server from source…

Cheers.

[quote:f7b658ec15=”jlz113″]Anyone know how I can bypass the httpd_macosxserver.conf? I really dislike how Apple set Apache up in OS X Server, but still want to use OS X Server for other reasons (XServe, IP Failover, etc). I am looking to serve a web site which I need complete control over the conf file. Some directives that I commonly use work in OS X Client are not working in OS X Server (even when I follow the directions in the conf files and put most all of my custom config stuff in httpd_macosxserver.conf. I wish we could just comment the “Include httpd_macosxserver.conf” in the httpd.conf and then just work with httpd.conf, but when I have tried this, apache will not serve anything.
Thanks in advance.
Jen
[email protected][/quote:f7b658ec15]

[legacyb4]

I use awstats which is a pretty easy to use and easy to read stats package for basic site stats.

http://awstats.sourceforge.net/

You might have to start relogging as you get best results using Apache’s combined log format which is not enabled by default.

Cheers.

[quote:21511fde49=”Timbits”]hey all, since i just reinstalled. I thought i would ask what software people are useing for web Statistics, as i’m looking to install one. I’ve tryed Webalyzer.

It would be nice if it wasn’t to hard to install. And I would like to be able to have it make a Statistics page for each site i have running

Tim[/quote:21511fde49]

[legacyb4]

Unfortunately, all my hardware is tied up right now…

However, strange thing is that I can connect to iDisk from the XP client.

Guess I’ll put a call into Apple Support to find out what’s going on.

Cheers.

[quote:6fc4faf907=”Atropos”]I haven’t tried it, but I wouldn’t be surprised given that XP caused SMB problems (which Apple fixed in 10.2.x). Can you try setting up WebDAV on, e.g., a Linux machine and see if there are similar problems?[/quote:6fc4faf907]

[legacyb4]

Log entries:

(connecting from a Mac)

user [05/Feb/2003:22:26:53 +0900] “OPTIONS /public/WebDAV/ HTTP/1.1” 401 483

(connecting from a Windows 2000 machine)

user [05/Feb/2003:22:33:41 +0900] “PROPFIND /public/WebDAV/ HTTP/1.1” 401 483

(connecting from an XP machine)

http://www.domain.com\user [05/Feb/2003:22:26:26 +0900] “PROPFIND /WebDAV HTTP/1.1” 401 483

[legacyb4]

Been playing around with the WebDAV configuration a bit and wanted to run something by folks who are using it over HTTPS.

On a Windows server, I can create a single webroot, have a /webDAV directory physically located (or aliased, it doesn’t matter) inside the root and then force HTTPS access only to that particular directory.

So, basically I can get:

[list:84b99adc00][b:84b99adc00]virtual host settings: listening on port 80 and 443

/webroot/ (HTTP access okay)
/webroot/webDAV (HTTPS access only, HTTP denied)[/b:84b99adc00][/list:u:84b99adc00]

solely by the setting specified on the webDAV directory.

However, as it seems that with OS X Server, I need to create two virtual hosts in order to specify port 80 (HTTP) and port 443 (HTTPS). On top of that, if I want the webDAV directory to only be accessible by HTTPS, these physically have to reside in a separate webroot or else traffic can come in on regular HTTP anyway.

For example, creating two virtual hosts (one for HTTP, one for HTTPS) with the same webroot results in:

[list:84b99adc00][b:84b99adc00]http/https://www.domain.com

/webroot/webDAV (HTTPS access enabled)
/webroot/webDAV (HTTP access ALSO enabled)[/b:84b99adc00][/list:u:84b99adc00]

or, create two virtual hosts with two different webroots to isolate traffic:

[list:84b99adc00][b:84b99adc00]http://www.domain.com

/webroot01/directory01,02… (only HTTP traffic is accepted)

https://www.domain.com

/webroot02/webDAV (only HTTPS traffic is accepted)[/b:84b99adc00][/list:u:84b99adc00]

Is this the correct method of handling HTTPS-exclusive content?

Thanks in advance.

[legacyb4]

Agreed.

I spent the better part of Sunday last weekend setting up a 2-NIC firewall using [url=http://www.mandrakesoft.com/products/mnf]Mandrake Linux’s Multi Network Firewall[/url] which is a pretty decent and [b:2e590ffe38]free[/b:2e590ffe38] solution.

It’s a 250MB or so ISO download and an installer almost as simple as OS X but you do have to understand firewalling basics to get it configured beyond the default rules. Out of the box, it’s configured to have a very restricted outgoing rule set (HTTP, SMTP, POP, and some of other Internet basics).

It also provides additional functionality like DHCP server, two forms of Intrusion Detection systems (Snort and Prelude), content filtering (great for ad blocking at the firewall), access control based on time and groups (if you want to exert a little control in an office environment), and full IPSec VPN functionality.

It’s not as sexy or fun as OS X, but why waste a Mac on a such dreary duties? Scrape up an older PC with a hard drive, throw in some memory and an extra network card, and you can focus on more fun stuff.

Sorry to get off topic…

Cheers.

[quote:2e590ffe38=”MacTroll”]I don’t use natd and ipfw too much on my servers. I prefer a hardware device between my goodies and the world.

Joel[/quote:2e590ffe38][/url]

[Author]

Posts