I'm having some issues properly setting up 10.7.3 to host internal DNS and external Web, Wiki and Mail. Specifically, I'm having issues with external web and wiki access. Since those are the most important right now, I haven't really had a chance to fully test the other features. I was able to do some testing of the mail and iCal but it was limited.
Long read below but I thought the specifics would be helpful...
My goals and configuration are:
1) Host a public website: example.org and www.example.org
2) Host a public wiki: main.example.org and www.main.example.org
3) Host a public mail server: email@example.com
4) Host a public, group calendar
4a) Read only to majority - Read/Write to a group
5) Host a global address book for authenticated users
6) Allow anonymous public access to a file share (read only)
7) Allow authenticated access to the same file share (read/write)
8) Do as much of this via GUIs as possible.
The number of users (if relevant):
On site - 1 (Me)
Off site - 16 (Windows clients - some have iOS devices too)
Web site traffic - less than 50 regular visits per day (avg of 15) with a peak of ~125 once a month.
This is for a 501c3 public nonprofit made of all unpaid volunteers (including the officers and directors). All of us have paying day jobs and I just so happen to be the guy that knows just enough to get myself in trouble here. ANY help would be greatly appreciated!!!
***SETUP AND CONFIGURATION***
1) Business class Internet (no blocked ports)
2) A single, public and static IP address
3) Domain name and public DNS via GoDaddy
4) Wildcard Cert: *.example.org from GoDaddy
5) Late 2011 (bought in Jan 2012) Mac Mini Lion Server (the $1,000 one).
5a) Upgraded the RAM to 16GB (needed for VMware Windows clients)
5b) Added two USB to Ethernet adapters.
6) Using a new model AirPort Extreme Base Station (bought w/ the MM) as the main router.
7) Set up a MAC address reservation for the main and two USB Ethernet ports along with the wireless too.
7a) Main port = 10.0.1.5 / others are .6, .7 and .10
8) During the setup, I chose the Host on the Internet (third) option and named my server: main.example.org
9) After the setup completed, I upgraded the OS & Admin Tool to 10.7.3 from a clean install (on #5 now)
10) I used the admin tool to open DNS and change:
11) "Primary Zone Name" from main.example.org to example.org.
12) In the "Nameservers:" block, I changed the zone name there but left the nameserver name alone (zone: example.org /// Nameserver Hostname: main.example.org).
13) The Machine Name and Reverse Zone was left alone. RZ resolves to main.example.org. sudo changeip -checkhostname is good. dig on the example.org and main.example.org are good to go (NOERROR).
14) From the server app, I clicked Manage/Network Accounts and set up the OD - No issues.
15) From the server app, I created self signed cert, generated a CSR, got a public Cert, then replaced the self-signed with the public one - No issues.
16) Changed any service using the self-signed cert to the public one - No issues.
17) Changed the cert in the OD to the public cert from server admin - No issues.
In order: File Sharing, Mail, AB, iCal, Web, Wiki, Profile Manager, Network Groups, Network Users
18) File Sharing was set up using the server app
19) Set up mail using the server app to start it and the server admin app to configure it - No issues there (I think...)
20) AB - Flipped the switch to on
21) iCal - Flipped the switch to on - I set up the e-mail address to use after I added the network accounts.
22) Web - Flipped the switch to on - Default site worked (main.example.org)
23) Wiki - Flipped the switch to on - Default wiki worked. (main.example.org)
24) PM - Checked the sign config profiles and enabled the device mgt. I then flipped the switch to on - Default settings and pages worked.
25) Public DNS settings from GoDaddy with these records:
A records pointing to my static IP:
www points to @
Adding a website for example.org gave me the red dot in the server app. To fix that, I added a Machine Name record to my primary zone (PZ = example.org Machine Name = example.org). I first tried using the same 10.0.1.5 IP as the main.example.org and left the reverse mapping alone (still resolved to the NS of main.example.org).
That gave me the green light in the server app when trying to add the website again. From there, I changed the "Store Site Files In" to the location of my website files (and confirmed "Everyone" has Read Access in the folder's security settings). I left the other info alone (all defaults accepted) and clicked done.
Access to the website works on the server but external access doesn't (Network Error/timed out tcp_error). Checked the AirPort settings using the AirPort utility (version 5.5.3) and the Port Mapping (under the "Advanced" icon) shows several services all pointing to 10.0.1.5. Thinking it could be DNS I tried main.example.org externally and it failed the same way.
I ran the changeip command (good to go) and dig on example.org and main.example.org and they both resolved to 10.0.1.5 correctly.
I removed the example.org Machine Record from the zone and it now looks like:
PZ=example.org / ZONE=example.org / NS=main.example.org
Machine Record=main.example.org / IP=10.0.1.5
RM=10.0.1.5 / Resolves=main.example.org
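The dig and changeip checks above only confirm what the server's own DNS answers. The script below is an added diagnostic (not from the original post) that compares, for each public hostname in the goals list, the answer from the internal resolver 10.0.1.5 with the answer from a public resolver, explains what each combination means for outside visitors, and probes the web ports. It assumes 8.8.8.8 as the public resolver and uses a placeholder for the static WAN IP, which must be replaced with the real one.

```python
"""Split-horizon DNS and web-port diagnostic for a Lion Server behind an AirPort router.
Added example; the hostnames and 10.0.1.5 come from the post, the rest are assumptions."""
import socket
import subprocess
from typing import List

HOSTS = ["example.org", "www.example.org", "main.example.org", "www.main.example.org"]
INTERNAL_DNS = "10.0.1.5"        # the server's own DNS service (from the post)
PUBLIC_DNS = "8.8.8.8"           # assumption: any public recursive resolver
LAN_IP = "10.0.1.5"              # server address on the AirPort LAN (from the post)
WAN_IP = "203.0.113.10"          # PLACEHOLDER: replace with the real static public IP


def dig_a(hostname: str, resolver: str) -> List[str]:
    """Ask one resolver for the A records of hostname, using the dig CLI."""
    out = subprocess.run(["dig", "+short", "@" + resolver, hostname, "A"],
                         capture_output=True, text=True, timeout=10).stdout
    answers = []
    for line in out.splitlines():
        try:
            socket.inet_aton(line.strip())   # keep only IPv4 answers, skip CNAME lines
            answers.append(line.strip())
        except OSError:
            continue
    return answers


def classify(internal: List[str], public: List[str], lan_ip: str, wan_ip: str) -> str:
    """Explain what a pair of (internal, public) answers means for outside visitors."""
    if not public:
        return "no public A record: Internet clients cannot resolve the name"
    if wan_ip not in public:
        return "public A record does not point at the static WAN IP"
    if not internal:
        return "internal zone has no record: LAN clients get the public answer (hairpin NAT needed)"
    if lan_ip not in internal:
        return "internal record does not point at the server LAN IP"
    return "split-horizon OK: LAN -> %s, Internet -> %s" % (lan_ip, wan_ip)


def port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port succeeds (use from outside the LAN for NAT checks)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for host in HOSTS:
        verdict = classify(dig_a(host, INTERNAL_DNS), dig_a(host, PUBLIC_DNS), LAN_IP, WAN_IP)
        print("%-24s %s" % (host, verdict))
    for port in (80, 443):
        print("WAN %s:%d reachable: %s" % (WAN_IP, port, port_open(WAN_IP, port)))
```

Run the port checks from an off-site connection (or a phone off Wi-Fi): a timeout there with the DNS verdicts reading OK points at the AirPort port mapping rather than at the zone.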