Lesson 2: Create a public, encrypted website
In this lesson, you’ll create an website that’s available to the public Internet. You need your server’s external IP address, the server’s fully qualified domain name, and an SSL certificate.
You’re also going to learn a number of easy (yet important) concepts that are the foundation of running your own website:
The importance of domain names and host names
How to encrypt web connections to protect your data from snooping
Where the static HTML files are located on the server and how to get to them
Step 1. Get a public, static IP address
Your server needs an IP address that the public Internet can count on as the location of your web server. A static IP address is assigned to you by your ISP.
If you’re part of a large organization, consult with the person who controls the addressing, the router, gateway, or firewall that connects your network to your ISP.
The IP address is used by the domain name system to establish a link between the human-readable domain name (www.apple.com) and the machine-readable IP address (18.104.22.168).
Step 2. Get your host name and fully-qualified domain name
First, let’s review some Internet naming terms:
The Domain Name System (DNS) is the way the Internet links machine-readable static IP addresses to human-readable domain names.
Dynamic DNS is a way to use human-readable naming with IP addresses that change regularly and are periodically reassigned. If you didn’t get a public, static IP address, you’ll have to use Dynamic DNS rather than normal DNS.
The host name is the name your server is known by on your local network. For example, you could name your server “myserver” or whatever else would uniquely identify it on your network.
The domain name is the name that designates a larger organization rather than an individual member. For example, Apple’s domain name is “apple.com.” Documentation about Internet services sometimes uses “example.com” as a domain name. Domain names are leased from a Domain Name Registrar (a company that keeps track of domain names and makes sure they are unique).
The fully-qualified domain name includes the host name and the complete domain name.
A DNS provider keeps a record of the domain name and the fully-qualified domain name, and the static IP address they are associated with.
If you’re on your own for this lesson, you need a domain name and a host name. You can pick out your own host name, but you need to lease a domain name.
If you’re part of an existing organization, there’s a good chance you already have a domain name (like example.com) and some system for picking host names. Your organization should also have a DNS host to link your static IP address and domain name to each other.
In this lesson, you’ll see the following placeholder names:
Fully-qualified domain name
WARNING: If you enter the placeholder settings in this tutorial, it won’t work. The name “example.com” is reserved for use in documents like this and won’t work in real software configurations. Use your own settings.
Step 3. Get a signed SSL certificate
To encrypt your web connection, you need to buy an SSL certificate from a Certificate Authority (CA).
See the Secure your Server tutorial for more information, if you don’t already have a certificate installed.
Certificate Authorities are trusted third parties that verify the identity of SSL certificates. They make sure you’re who you claim to be, and collect a fee to digitally “sign” your cryptographic keys. Any web browser that trusts your CA will automatically trust your web server.
You can act as your own CA and sign your own keys, if you have control over all the computers that connect to your website.
Step 4. Select Websites
Open the Server app to see the list of services available in OS X Server. Select Websites.
Step 5. Create a new site
Click the Add button .
Enter the following information in the website creation pane:
Enter the server’s host name—for example, www.example.com.
This is the name that Safari users enter to view the website.
Choose the server’s static, external IP address in the pop-up menu.
Select the SSL certificate that corresponds to the domain name.
Step 6. Add an additional domain
You can add other domains that point to the same website.
For this tutorial, add the additional domain by clicking Edit next to Additional Domains, then click the Add button and type “example.com.” This way, people can use “www.example.com” or “example.com” to get the same website.
Step 7. Verify the redirect to the secure site
The unencrypted connection to the default website automatically routes to the secure network port.
Double-click the default website, then verify the following setting:
Make sure one redirect is configured.
Click Edit next to Redirects to make sure that this website redirects to the “https” version of the site.
Step 8. Test your configuration
Turn on the service.
Open Safari, then type the domain name in the address bar to see the built-in test page. Check for the lock icon in the address bar, which indicates that you’ve connected to the SSL-encrypted site.
Step 9. Find where to put your content
Once you’ve seen the built-in test page, you’ll want to substitute your own site files.
Go back to the Websites pane in Server, and select the secure website you created.
Click the Edit button to see the website settings page, then click the arrow next to the Store Site Files In pop-up menu.
The Finder opens a window showing the location of the HTML files.
You’ve learned how to create more websites using your own web apps or HTML pages.
Where to go from here
There’s still a lot to learn about website hosting. For example, you can learn to access permissions, run web apps, create server-side scripting, and directly control Apache (the software that powers the web service).
You can find out more about OS X Server’s web service in Server Help.
You might also want to learn how to access a private network securely from the Internet; see the Configure public access tutorial.