How To Setup A Basic Web/Email Server With OS X/macOS + Server 5.x

How To Setup A Basic Web/Email Server With OS X / macOS + Server 5.x

• Computer
• OS X / macOS + Server
• Business Internet Connection (static IP + ability to server web sites/email)
• Domain Name(s)
• Additional Hardware
• Server Configuration

• macOS 10.13 High Sierra + Server 5.4 - coming soon
• OS X / macOS + Server 4/5
• OS X 10.8 / Server 2.x

Computer

• The fastest processor you can afford - if you can get the older Mac mini (2010) with the quad core processor that is ideal
• 16GB of RAM/memory - if you have an older Mac mini you may be able to upgrade it to 16GB
• Solid State Drive (SSD) / Flash Storage - it is not recommended to run this kind of server from a Mac mini with a spinning hard disk, especially the slow 5400rpm versions

• 3.0GHz Dual-Core Intel Core i7 (Turbo Boost up to 3.5GHz)
• 16GB 1600MHz LPDDR3 SDRAM
• 256GB PCIe-based Flash Storage

OS X / macOS + Server

• OS X 10.10 Yosemite
• OS X 10.10 Yosemite Frequently Asked Questions (FAQ)
• How To Obtain/Download OS X 10.10 Yosemite
• How To Obtain/Download OS X Server 4/5 for OS X 10.10 Yosemite
• OS X 10.11 El Capitan
• OS X 10.11 El Capitan Frequently Asked Questions (FAQ)
• How To Obtain/Download OS X 10.11 El Capitan
• How To Obtain/Download OS X 5
• macOS 10.12 Sierra
• macOS 10.12 Sierra Frequently Asked Questions (FAQ)
• How To Obtain/Download macOS 10.12 Sierra
• How To Obtain/Download macOS Server 5.2-5.3.1

Q. What are the current, supported versions of macOS?

• macOS 13.4 - included in the macOS 13.4 Installer (or go to Apple menu > System Preferences > Software Update and install the 13.4 update)
• macOS 12.6.6 - included in the macOS 12.6.6 Installer (or go to Apple menu > System Preferences > Software Update and install the 12.6.6 update - click the blue "More info" link under "Other updates are available" or "Another update is available")
• macOS 11.7.7 - included in the macOS 11.7.7 Installer (or go to Apple menu > System Preferences > Software Update and install the 11.7.7 update - click the blue "More info" link under "Other updates are available" or "Another update is available")
• SECURITY WARNING: macOS 10.15 and earlier are no longer supported with security updates - see our securing older operating systems article.

Business Internet Connection (static IP + ability to serve web sites/email)

1. Real world, internet based static IP address (see our Basic Networking 101 article)
2. A (business) internet connection that allows you to run a server - the service's "Terms And Conditions" specifically allow for running a server and no server ports/protocols are blocked
3. A decent, guaranteed upload speed (which will be the speed people see when they access your server - not the download the speed
4. A guaranteed uptime and either a proper, defined unlimited data service or a very high data cap based on the data that your server is likely to serve over the connection, over time

• OpenDNS - application
• DynDNS - application
• StaticCling - application
• DNS-O-Matic

• Virgin Media Business
• BT business
• Plus Net Business

• RapidHost
• Mythic Beasts

• Mac mini Colocation

Domain Name(s)

• Czech Republic domena.cz
• UK names.co.uk
• USA easyDNS

• An "A" name record for 'your_domain_name.co.uk' should point to your static IP
• If you are hosting a web site on that domain you should also create a "CNAME" record for 'www.your_domain_name.co.uk' that points to 'your_domain_name.co.uk'
• If you are hosting email on that domain you should also create a "Mail Exchange" (MX) record that points to your static IP

Additional Hardware

• Sonnet RackMac mini Buy it now at
• Mac mini Rack Mount with Slide
• Rack mount for two latest Gen Mac Pros

• External portable hard disks (small)
• G-Tech G-Drive mobile 5400rpm USB 3 + FireWire 800
• 500GB (model number = GDMOCEA5001ADB | part code = 0G02384)
  
• 750GB (model number = GDMOCEA7501ADB | part code = 0G02388)
• 1TB (model number = GDMOCEA10001ADB | part code = 0G02392)
  
• G-Tech G-Drive mini 7200rpm USB 3 + FireWire 800
• 500GB (model number = GDRMU3EA5001BDB | part code = 0G02569)
  
• 750GB (model number = GDRMU3EA7501BDB | part code = 0G02573)
• 1TB (model number = GDRMU3EA10001BDB | part code = 0G02577)
  
• LaCie Rugged Triple USB 3 + FireWire 800
NOTE: We do not recommend the LaCie Rugged Triple 1.5TB or 2TB models as they use two hard disks in RAID 0 mode which is catastrophic for your data if either drive fails.
• 500GB 5400rpm (part code = 301982)
• 500GB 7200rpm (part code = 301983)
• 1TB 5400rpm (part code = 301984)
  
• External desktop hard disks (full size)
• G-Technology G-Drive (Gen 6)
• G-Technology G-Drive 2TB (model number = GDREG6EB20001BDB | part code = 0G02920)
  Buy it now at
• G-Technology G-Drive 4TB (model number = GDREG6EB40001BDB | part code = 0G02928)
  Buy it now at
• G-Technology G-Drive (Gen 5)
• G-Technology G-Drive 2TB (model number = GT-GDREU3EB20001BDB | part code = 0G02529)
• G-Technology G-Drive 4TB (model number = GT-GDREU3EB40001BDB | part code = 0G02537)
• Backup Plus Desktop Drive for Mac
• Seagate Backup Plus Desktop Drive for Mac 2TB (part code = STCB2000800)
• Seagate Backup Plus Desktop Drive for Mac 3TB (part code = STCB3000800) Buy it now at
• Western Digital My Book Studio USB2/FW800
• Western Digital My Book Studio 1TB USB2/FW800 (part code = WDBC3G0010HAL)
  Buy it now at
• Western Digital My Book Studio 2TB USB2/FW800 (part code = WDBC3G0020HAL)
  Buy it now at
• Western Digital My Book Studio 3TB USB2/FW800 (part code = WDBC3G0030HAL)
  Buy it now at
• Western Digital My Book Studio USB3/USB2
• Western Digital My Book Studio 1TB USB3/USB2 (part code = WDBCPZ0010HAL)
  Buy it now at
• Western Digital My Book Studio 2TB USB3/USB2 (part code = WDBCPZ0020HAL)
  Buy it now at
• Western Digital My Book Studio 3TB USB3/USB2 (part code = WDBCPZ0030HAL)
  Buy it now at
• Western Digital My Book Studio 4TB USB3/USB2 (part code = WDBCPZ0040HAL)
  Buy it now at
NOTE: Special information on using drives that are larger than 2TB.

Server Configuration

• Initial Setup
• Initial Configuration
• Install Additional Applications
• Enable The Root User
• Secure Safari
• Initial Server Configuration
• Install And Configure MySQL

Initial Setup

1. If you do not have OS X 10.10 / OS X 10.11 / macOS 10.12 download and install it:
• How To Obtain/Download OS X 10.10 Yosemite
• How To Obtain/Download OS X 10.11 El Capitan
• How To Obtain/Download macOS 10.12 Sierra
2. Especially if the Mac is not a brand new purchase, we highly recommend erase installing OS X / macOS to start with a perfectly clean installation/setup
3. Go through the OS X / macOS setup using a strong password for the primary admin user
SECURITY NOTE: Don't set up the primary admin user with the name "admin" or a person's name as these will be too easy to guess, phished or obtained from publicly available company details!
4. Update OS X / macOS:
• List of macOS 13 Combo Updates (latest version = 13.4)
• List of macOS 12 Combo Updates (latest version = 12.6.6)
• List of macOS 11 Combo Updates (latest version = 11.7.7)
• List of macOS 10.15 Combo Updates (latest version = 10.15.7)
• List of macOS 10.14 Combo Updates (latest version = 10.14.6)
• List of macOS 10.13 Combo Updates (latest version = 10.13.6)
• List of macOS 10.12 Combo Updates (latest version = 10.12.6)
• List of OS X 10.11 Combo Updates (latest version = 10.11.6)
• List of OS X 10.10 Combo Updates (latest version = 10.10.5)
• List of OS X 10.9 Combo Updates (latest version = 10.9.5)
• List of OS X 10.8 Combo Updates (latest version = 10.8.5)
• List of OS X 10.7 Combo Updates (latest version = 10.7.5)
NOTE: Apple software updates/installers downloaded prior to 14th February 2016 have an expired security certificate. You should re-download any required/archived updates/installers.
• macOS 13.4 - included in the macOS 13.4 Installer (or go to Apple menu > System Preferences > Software Update and install the 13.4 update)
• macOS 12.6.6 - included in the macOS 12.6.6 Installer (or go to Apple menu > System Preferences > Software Update and install the 12.6.6 update - click the blue "More info" link under "Other updates are available" or "Another update is available")
• macOS 11.7.7 - included in the macOS 11.7.7 Installer (or go to Apple menu > System Preferences > Software Update and install the 11.7.7 update - click the blue "More info" link under "Other updates are available" or "Another update is available")
• SECURITY WARNING: macOS 10.15 and earlier are no longer supported with security updates - see our securing older operating systems article.
5. Download, install or purchase OS X / macOS Server:
• for macOS 10.12 -> How To Obtain/Download macOS Server 5.2-5.3.1
• for OS X 10.11 -> How To Obtain/Download OS X 5
• for OS X 10.10 -> How To Obtain/Download OS X Server 4/5

Initial Configuration

1. Configure Apple menu > System Preferences > Network:
• Wi-Fi > switch off
• Keep ethernet, Wi-Fi and FireWire/ThunderBolt - remove all others ("-" button in bottom left)
• Set service order (cog icon > Set Service Order > drag "Ethernet" to the top of the list)
• TCP/IP > set static IP address + DNS servers
2. Configure Apple menu > System Preferences > Sharing:
• TICK "Remote Sharing"
• Change computer name to something appropriate e.g. "Internet Server"
• Under 'Allow access for:' set to "Only these users" and add the primary admin user you created on initial setup
• TICK all items for admin user "can access this computer to:"
3. Configure Finder preferences (in the Finder click on the Desktop and go to Finder menu > Preferences)
• General - TICK all "Show these items on the desktop" and set 'New Finder windows show' "Applications" folder
• Sidebar - set as required but recommended to:
• UNTICK "All My Files"
• UNTICK "iCloud Drive"
• UNTICK "AirDrop"
• UNTICK "Back to My Mac"
• UNTICK "Bonjour computers"
• TICK all items listed under "Devices"
4. Setup the Dock up as required e.g. remove non-server application icons
5. Configure Apple menu > System Preferences:
• General:
• Set scroll bars as required
• TICK "Ask to keep changes when closing documents"
• TICK "Close windows when quitting an application"
• (if present) UNTICK "Allow Handoff between this Mac and your iCloud devices"
• Screen Saver - set 'Start After' as required e.g. "5 Minutes"
• Security & Privacy:
• General tab > set Require password "immediately" after sleep or screen saver begins
• General tab > set 'Allow apps downloaded from' to "App Store and identified developers
• FileVault tab > turn FileVault on if you want to encrypt the internal boot drive
NOTE: If you FileVault encrypt the internal boot drive manually rebooting the Mac requires a physical presence at the Mac - you cannot control it remotely to startup and login - so if the Mac is colocated, not easily accessible or headless/no monitor you may want to consider not encrypted the internal boot drive!
• Firewall tab > turn ON the Filewall
• (if present) CDs & DVDs - set all to ignore
• Energy Saver:
• Set 'Computer sleep' to "Never"
• Set 'Display sleep' as required e.g. "30 minutes"
• UNTICK "Put hard disks to sleep when possible"
• (if present) UNTICK "Allow power button to put the computer to sleep"
• TICK "Wake for network access"
• TICK "Start up automatically after a power failure"
• (if present) UNTICK "Enable Power Nap"
• App Store
• TICK "Automatically check for Updates"
• UNTICK "Download newly available updates in the background"
• UNTICK "Install app updates"
• (if present) UNTICK "Install OS X / macOS updates"
• TICK "Install system data files and security updates"
• Bluetooth - UNTICK "On" and untick "Show Bluetooth in menu bar"
• If using Mac headless/no monitor click "Advanced…" and UNTICK all 3 open/wake items
• Users & Groups > Login Options
• Set 'Automatic login' to "Off"
• Set 'Display Login window as' as "Name and password"
• UNTICK all other items
• (if present) Siri - turn OFF/UNTICK "Enable Siri"
• Date & Time
• Date & Time - TICK "Set date and time automatically"
• Time Zone - UNTICK "Set time zone automatically using current location" if the server is not physically located in the timezone you want the server operating in
• Time Machine - set as required
• Startup Disk - make sure the correct startup disk is selected/highlighted
6. Now restart the computer and untick "Reopen windows when logging back in"

Install/Setup Additional Applications

1. A decent text editor that is better than TextEdit e.g. BBEdit (US$49.99)
2. A launchd (plist) editor e.g. Lingon X (US$10.99)
3. If you are going to install and use MySQL download a SQL graphical editor e.g. Sequel Pro (donationware)
4. Add any new applications downloaded to the Dock
5. Go to Macintosh HD > Utilities > Activity Monitor
• Right click on Activity Monitor's icon in the Dock and select Dock Icon > Show CPU Usage
• Right click on Activity Monitor's icon in the Dock and select Options > Keep in Dock
• Right click on Activity Monitor's icon in the Dock and select Options > Open at Login

Enable The Root User

1. Go to Apple menu > System Preferences > Users & Groups
2. Click the lock icon to unlock it and enter your administrator name and password
3. Click "Login Options" on the left and then click "Network Account Server: Join"
4. Click "Open Directory Utility"
5. Click the lock icon to unlock it and enter your administrator name and password
6. Choose Edit > Enable Root User and then enter a strong root user password
7. Logout
8. Login as "root" with the password you have just set
9. "Skip" the iCloud account setup
10. Setup root's Finder preferences and Dock as required (see the initial configuration section above)
11. Logout unticking "Reopen windows when logging back in"

Secure Safari

1. General:
• Set 'Safari opens with:' to "A new window"
• Set 'New windows open with:' to "Empty Page"
• Set 'New tabs open with:' to "Empty Page"
• Set 'Homepage' to nothing (delete whatever is there)
• UNTICK 'Open "safe" files after downloading'
2. Autofill > UNTICK all items/everything
3. Security > TICK all items/everything
4. Advanced > TICK "Show full website address"

Initial Server Configuration

1. Go to Macintosh HD > Applications > Server
2. Enter your host name as required e.g. your_domain_name.co.uk
3. Apple Push Notifications > leave fields blank and click "Continue"
4. Click Finish when setup is complete
5. You will be presented with the server "Overview"
6. Click on "Settings" and configure access as required
7. Your are highly recommended to turn on the OS X / macOS Server adaptive firewall

Alerts

• Click "Edit Recipients" under "Email Recipients" and add email address(es) that you want alerts to be sent to
• Under "Delivery Settings" we recommended turning on/TICKING:
• Certificate
• Disk
• Mail
• Network Configuration
• Software Update
• Time Machine

Certificates

• Set 'Secure services using" as required and add additional certificates if you have them
NOTE: more information about certificates

Users

• Add users as required (+ button at the bottom). For each user:
• Add associated "Email addresses" as required
• If the user is not going to administer the server make sure to UNTICK "administer this server"
• If the user is only accessing services e.g. email set 'Home Folder' to "None - Services Only"
• Add the user to "Groups" as required
NOTE: If you're going to use FTP to upload files why not set up an "ftpuser" or similar for that purpose (but make sure they have a 'Home Folder' set to "Local Only" or they will not be able to use the FTP service).
• Once a user has been created in the main user list you can select a user and click the cog button at the bottom for:
• Edit Access to Services… - if you click "Manage Service Access" here you can set on an individual basis what services can be accessed by that user otherwise all basic services are accessible to all users by default. It is recommended to manage services manually and set the services required for each individual user as required.
• Edit Mail Options… - you can choose whether email for that user is stored locally or forwarded to a different address. You can also set an email limit (size of individual email) here for the individual user

Groups

• Add groups as required - this is useful for setting group email addresses e.g. an email going to messages@your_domain_name.co.uk will be received by all the users in that group:
• To create an email group, add a group, then right click on it choosing "Edit Group…"
• For "Mailing Lists" add the group email address including the domain name
• Add "Members" as required

Mail

• For "Domains":
• Add email domains as required
• For each domain set the users that need email via that domain i.e. user_name@domain_name.com
• Authentication: probably best to leave it on Automatic but you can customise it by clicking "Edit…" to the right - options are:
• Automatic - will authenticate users against all accounts
• Open Directory - open directory users only
• Active Directory - Active Directory (AD) users only (if server is linked to one)
• Local users - local user accounts only
• Custom - customise the authentication options
• Click "Edit Filtering Settings…"
• Enable virus filtering
• Enable blacklist filtering
• Enable greylist filtering if required - see the notes on screen
• Enable junk mail filtering
NOTES for email clients:
• Use any modern mail client
• Set up accounts as POP or IMAP as required
• Must login and add login for SMTP authentication
• Must use SSL (see Certificates above)

Web Sites

• TICK "Enable PHP" if required
• The default web site is automatically setup for the domain you entered for the original server setup e.g. your_domain_name.co.uk

• To add a different domain e.g. www.your_domain_name.co.uk and/or www.youradditionaldomain.com click the + button and enter the settings for your domain
• SSL Certificates: set a certificate if required and it is installed
• Store Site Files In: use the default "Automatically create a new folder" option as this creates a correctly named folder with the right permissions in the Sites folder
• Additional domains: this is great for two reasons

1. you have multiple domains pointing to the same web site e.g. www.your_domain_name.com and www.your_domain_name.co.uk
2. you can add the root domain e.g. your_domain_name.co.uk (without the www bit) so that accessing http://your_domain_name.co.uk works

• Index Files: you can set the required index file name or have more than one and drag them in priority order
• Edit Advanced Settings:
• Generally you will want all of these unticked
• Use custom error page: this looks like a great option but we couldn't get it to work
• Once you domain has been created a folder appears in the Sites location. You can delete any default files found in there ready for your web site files to go in it.

FTP

• Create an FTP user if not already created (services only user)
• Click on 'FTP' on the left
• Select "Websites Root" from the "Share:' pop-up menu and then add (+ button) your FTP user with the "Read & Write" privilege
• Select each web site you are sharing from "Share:' pop-up menu and then add (+ button) your FTP user with the "Read & Write" privilege - you have do this for all the web sites
NOTE: Or you can login as root and use the Finder to add the user at the Sites folder level and copy all permissions to files and folders in this folder.
NOTE: The primary login directory will be the one that is currently set in the FTP settings screen - be careful what you leave it on if you have more than one FTP share point.
NOTE: If you copy files to the FTP folder(s) using the Finder the permissions will not be set correctly on the files you copy. Once you've copied the files go to your site folder, Get Info on it, unlock it (bottom right) and select "Apply to enclosed items…" from the wheel pop-up menu just to the left of the lock icon. This will propagate the permissions down to all the files/folders you've copied within that site folder. Use FTP from then on.
SECURITY NOTE: Because the FTP user has to have a local share point to access the FTP service the FTP user will have the ability to physically login to the computer at the login screen and access the Finder (they can't access the server admin tools as they are not allowed to "administrate" the server but access to the Finder is bad enough - this is a major security risk if the server is not in a secure location e.g. server room/house. If it's not consider using a different method/software to get web site files on to the server.

Install And Configure MySQL

1. Download and install MySQL e.g. 5.7.x > Community Server "Mac OS X 10.12 (x86, 64-bit), DMG Archive" - check the OS requirements
2. Go to Apple menu > System Prefernces > MySQL
• TICK "Automatically Start MySQL Server on Startup" (if not already ticked)
• Click "Start MySQL Server"

Set The MySQL Root Password

Automate MySQL Dump Backups

1. Login as root
2. Create a "Backups" folder (in a relevant location usually the root of the primary hard disk will do)
3. Use a text editor e.g. BBEdit to create a MySQL dump backup command file e.g.

#!/bin/bash



# —

# MySQL Back-up Script

# —



# Back-up All Databases

/usr/local/mysql/bin/mysqldump --user=root --password=yourmysqlrootpassword -hlocalhost --all-databases --lock-tables | gzip > /Backups/sqlbackup_monday.sql.gz

NOTE: Name it something like "mysql_backup_monday.command".
NOTE: You can test the final command line works by pasting it directly into the Terminal and checking that a mysql dump backup file has been created.
4. Use a launchd (plist) editor e.g. Lingon X to add a launchd automated task, running as root, to run the backup command you just created and pick a regular day and/or time. For example to trigger your mysql dump script to run every Monday at 01:00:
• Create a new task
• TICK "Enabled"
• Set 'User' to "root"
• Name = "com.your_domain_name.sqlbackupmonday.plist"
NOTE: plists are saved to Macintosh HD > private > var > root > Lirbary > LaunchAgents.
• Run = point this to the location of the backup command script you created above
• When tab > TICK "Scheduled"
• Set schedule to "Day of week" + "Monday" + "01:00"
• Click "Save"
• To test it works, select it and click the "Test" button - if there are no error messages you can check the script has run correctly by checking that a mysql dump backup file has been created
5. If you want a single mysql dump file that replaces itself each day you could just set the naming and launchd plist to run every weekday. But this may not be wise, because if something goes wrong, you only have the one backup dump file and if that is corrupted/bad the older ones are gone. Therefore, as per the recommendation above, create a "Monday" backup command script, duplicate that script in the Finder and edit the names to represent each day and add additional launchd plists to run each day - that way you have backups for every day. You could even go insofar as to create and run backup scripts at a different time of the day for example, weekly (02:00), monthly (03:00) and yearly (04:00). If you are manually creating/editing the launchd plist files:
• Example launchd plist file:

• line 6 filename (must match the Finder name)
• line 9 the command
• lines 14, 16, 18 timing (day, hour and minute as required)
• or lines 14, 16, 18 timing (hour, minute and weekday as required)
• Move the plist file(s) to Macintosh HD > System > Library > LaunchDaemons
• Restart the server
• Login as root
• In the Terminal run "launchctl list" to check your plist(s) have loaded (should show in the list with a status of "0" - zero)

If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.

If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix to help fund this web site.

Go to this
web page
to donate to us.