Lesson 2: Create a public, encrypted website

In this lesson, you’ll create an website that’s available to the public Internet. You need your server’s external IP address, the server’s fully qualified domain name, and an SSL certificate.

You’re also going to learn a number of easy (yet important) concepts that are the foundation of running your own website:

  • The importance of domain names and host names

  • How to encrypt web connections to protect your data from snooping

  • Where the static HTML files are located on the server and how to get to them

Step 1. Get a public, static IP address

  • Your server needs an IP address that the public Internet can count on as the location of your web server. A static IP address is assigned to you by your ISP.

    If you’re part of a large organization, consult with the person who controls the addressing, the router, gateway, or firewall that connects your network to your ISP.

    The IP address is used by the domain name system to establish a link between the human-readable domain name (www.apple.com) and the machine-readable IP address (1.2.3.4).

Step 2. Get your host name and fully-qualified domain name

First, let’s review some Internet naming terms:

  • The Domain Name System (DNS) is the way the Internet links machine-readable static IP addresses to human-readable domain names.

    Dynamic DNS is a way to use human-readable naming with IP addresses that change regularly and are periodically reassigned. If you didn’t get a public, static IP address, you’ll have to use Dynamic DNS rather than normal DNS.

  • The host name is the name your server is known by on your local network. For example, you could name your server “myserver” or whatever else would uniquely identify it on your network.

  • The domain name is the name that designates a larger organization rather than an individual member. For example, Apple’s domain name is “apple.com.” Documentation about Internet services sometimes uses “example.com” as a domain name. Domain names are leased from a Domain Name Registrar (a company that keeps track of domain names and makes sure they are unique).

  • The fully-qualified domain name includes the host name and the complete domain name.

  • A DNS provider keeps a record of the domain name and the fully-qualified domain name, and the static IP address they are associated with.

  • If you’re on your own for this lesson, you need a domain name and a host name. You can pick out your own host name, but you need to lease a domain name.

    If you’re part of an existing organization, there’s a good chance you already have a domain name (like example.com) and some system for picking host names. Your organization should also have a DNS host to link your static IP address and domain name to each other.

    In this lesson, you’ll see the following placeholder names:

    Setting

    Placeholder name

    Domain name

    example.com

    Hostname

    www

    Fully-qualified domain name

    www.example.com

    WARNING: If you enter the placeholder settings in this tutorial, it won’t work. The name “example.com” is reserved for use in documents like this and won’t work in real software configurations. Use your own settings.

Step 3. Get a signed SSL certificate

  • To encrypt your web connection, you need to buy an SSL certificate from a Certificate Authority (CA).

    See the Secure your Server tutorial for more information, if you don’t already have a certificate installed.

    Certificate Authorities are trusted third parties that verify the identity of SSL certificates. They make sure you’re who you claim to be, and collect a fee to digitally “sign” your cryptographic keys. Any web browser that trusts your CA will automatically trust your web server.

    You can act as your own CA and sign your own keys, if you have control over all the computers that connect to your website.

Step 4. Select Websites

  • Open the Server app to see the list of services available in OS X Server. Select Websites.

Step 5. Create a new site

  • Click the Add button add.

    Arrow indicating add websites button

    Enter the following information in the website creation pane:

    • Enter the server’s host name—for example, www.example.com.

      This is the name that Safari users enter to view the website.

    • Choose the server’s static, external IP address in the pop-up menu.

    • Select the SSL certificate that corresponds to the domain name.

    Website configuration sheet

Step 6. Add an additional domain

You can add other domains that point to the same website.

  • For this tutorial, add the additional domain by clicking Edit next to Additional Domains, then click the Add button add and type “example.com.” This way, people can use “www.example.com” or “example.com” to get the same website.

    Arrow indicating additional domain button

Step 7. Verify the redirect to the secure site

The unencrypted connection to the default website automatically routes to the secure network port.

  1. Double-click the default website, then verify the following setting:

    1. Make sure one redirect is configured.

      Arrow indicating Redirects button
    2. Click Edit next to Redirects to make sure that this website redirects to the “https” version of the site.

      Redirect sheet
  2. Click OK.

Step 8. Test your configuration

  1. Turn on the service.

    Websites service on switch
  2. Open Safari, then type the domain name in the address bar to see the built-in test page. Check for the lock icon in the address bar, which indicates that you’ve connected to the SSL-encrypted site.

Step 9. Find where to put your content

Once you’ve seen the built-in test page, you’ll want to substitute your own site files.

  1. Go back to the Websites pane in Server, and select the secure website you created.

  2. Click the Edit button to see the website settings page, then click the arrow next to the Store Site Files In pop-up menu.

    The Finder opens a window showing the location of the HTML files.

Congratulations!

You’ve learned how to create more websites using your own web apps or HTML pages.

Where to go from here

There’s still a lot to learn about website hosting. For example, you can learn to access permissions, run web apps, create server-side scripting, and directly control Apache (the software that powers the web service).

You can find out more about OS X Server’s web service in Server Help.

You might also want to learn how to access a private network securely from the Internet; see the Configure public access tutorial.