This is a set of notes pertaining to the conversion of the machine milvax to server duties, following the recent acquisition of a 2012 Mac mini for daily endpoint Mac computing needs.
At this exact moment, the machine consists of:
I have relocated the web proxy role to a linux VM, and so the possibilities for MILVAX are now open.
The initial thought was to use Caddy (beginner tutorial) to do this. However, it looks like Mac OS X Server might have a way to do this - ref at https://stationinthemetro.com/2017/05/02/reverse-proxy-with-macos-server
Some tutorial and thoughts links:
Other thoughts: I could also just use it as a general server. It looks like even though all the cool stuff has been deprecated after Sierra or High Sierra, it might actually still be in the setup. I'm also starting to use a larger number of Mac OS X machines at home and so it might be relevant to keep this machine as a modern support box for, say, the 2012 mini which only has a 180GB boot disk right now.
Process: (only for reverse proxy) Generally, the process will end up being:
The other major ideas are to host static ocntent with MAMP or OS X's built in Apache instance, possibly even housing several back ends for different legacy or PHP/static sites. That's subject to the potential problems with security though, especially holding onto a bunch of legacy software applications.
There's also the possibility to reuse it as a chores box, such as to do torrents, hold onto copies of dropbox/onedrive/googledrive files, for uploading from external disks to those services, or for things like BitTorrent Sync.
The other major idea is to run Windows on the thing. Windows has mostly the same possibilities with the caveat that Windows 10 or Windows Server 2019 will be getting updates and be better suited for remote desktop operation. I'd need to test out what backups on a bootcamped Windows install look like, or decide that the data isn't worth backing up, depending on the context.
The other thing I could theoretically do is pull the disk and the RAM out and use them in one of the other mini PCs, but.
High Sierra currently runs Server version 5.6.3.
It was later announced announced Server.app would be dropping most of its existing functionality and, indeed, if you look at it in Catalina, it has almost none of what it once did. It has truly been reduced to xsan, xserve, and profile management. As of Mac OS X 10.12 “Sierra” the built-in file server allows unlimited connections and at least as of 10.13 High Sierra, iOS update and iCloud content caching is available in the base/client OS.
High Sierra's Server 5.6.3 retains a lot of that functionality though. Mail/Contacts/Calendars, web/wiki, messages, DNS/DHCP, OpenDirectory, NetBoot/NetInstall, and VPN are all still available, so there's likely some use as an adjunct to vtools, a toolbox in general (the machine was running some torrents before I reformatted it, it can continue to do that), or a general purpose internal server.
The gotcha aside from (as noted below) High Sierra getting no more security updates is that Mac OS X's server.app is really in a weird in-between in this era. File services had themselves moved to the system, so if you have simple needs you can just use what's built in. Everything else that exists is weird in High Sierra, and the best experience might come from going back to El Capitan, even though that puts you at an even worse security posture.
You can move the home directories around but so far it looks like it doesn't “actually work” - so, this is to be considered an enthusiast type of option. Moving home directories is, in fact, already an option, using the built-in directory utility, so that's probably a better way to go if you just need that one functionality.
As of later this year, Mac OS X 10.13 “High Sierra” will no longer be receiving security updates. In addition, Mac OS X doesn't have a great way to run Caddy on ports 80 and 443 as a non-privileged user (for example via a service account) - it has to be run as root.
As of the discontinuation of support for 10.13, it as well as its constituent components will not be receiving security updates. Caddy will be, but as something that's not package managed, the risk of inertia is present.
It's probably a better idea to do this on a package-managed linux distribution, even if I use this Mac mini this way (or a different mini PC, I have a couple) or a virtual machine, or run it on a separate Windows computer (perhaps off-domain, RDP disabled) owing to my greater operational familiar with Windows than with Mac OS X.
Caddy says it's very secure, but you want to give yourself every possible advantage, and operational familiarity, a package-managed installation, and the like are such advantages.
Mac OS X 10.15 can be coaxed into running on 2011 Macs. It works well on a 2011 15-inch MacBook Pro I use. I haven't tried it on the mini, it would probably be fine, but I don't know how well it would be for day-to-day use.
It would be suitable for server use, to the extent that the server.app program has been absolutely gutted for Catalina, and that you can't share APFS volumes via AFP, but it would be good for time machine via SMB, an external/secondary HFS+ volume, or perhaps using the built-in Apache instance which as far as I know is still being updated, or Caddy, which would be annoying but possible.
The next best use for the machine, especially if I want to run server or appliance tasks on it, might be to run Windows 10 or 2019 on it. I have a very lot of RDP-based workflows and another would work fine.
An option here (or with another mini office PC I have) is to run SharePoint Server in a VM on a machine that's a little less busy than TECT is. (Though that's another issue.)
I do also have other machines suitable for Windows, which do need some new hardware to be used, but are newer and more powerful machines. (One is a Haswell and the other is an Ivy Bridge, each can run 16GB of RAM and they both have quad-core CPUs, for example). That doens't strictly speaking obviate the relevance of the Mac mini, even as a Windows computer, due to its dual 2.5-inch SATA capacity, and, well, the fact that it exists and I have it.
For a Windows file server - you can use a disk image file to do Time Machine backups. More at https://www.imore.com/how-use-time-machine-backup-your-mac-windows-shared-folder
I could run Caddy or some other service on Windows, especially something that might be disk-performance sensitive, for testing, or
I have it on reliable authority that Haiku will, in fact, run on the 2011 Mac mini, however Haiku isn't particularly suitable for server use, as far as I happen to know. It may still be a neat way to use hardware that's not strictly speaking on the up-and-up as a Mac.
With Base High Sierra (10.13) this machine can be used to host backups of other Macs via time machine, and host backups of iOS mobile devices with iTunes, a task it's well-suited to doing with the 2TB boot volume.
iTunes obviously works fine over the wire but I need to look into whether or not it'll work wirelessly.
Having trouble with Time Machine, unfortunately, seeing what I can find.
A problem with this, so far, is that high disk activity (especially long sustained writes) result in big slowdowns and ultimately it appears that the system might be stable, but certainly not pleasant. I'm still working on what that means in terms of whether this will be viable, but for the short term what it means is that I should consider different arrangements, i.e. finding an external hard disk for “bulk” data (time machine and file shares) or getting the dual-disk kit and either switching to a pair of 1TB CMR disks (potentially striped) or adding a boot SSD to the existing configuration.
Another note here is at the moment, most capacious (1TB and over) 2.5-inch hard disks easily available are SMR based, except for some Seagate enterprise disks (Exos 7E2000 and 10E2400) and the 2.5-inch WD Red Plus, itself a bummer as you can only get them in 1TB at the moment.
iTunes on Mac OS X 10.13 can still stream music on the local LAN to iOS devices and other Macs. Just go into preferences and then enable home sharing. For this to work on mobile devices, it appears you need to sign in with an Apple ID, which is a bummer, but does work once you do it.
On 10.13 if you format a disk as HFS+ you can share via AFP.
My proposal for a sharing scheme to be able to place user accounts on other volumes is to make folders for each share and its purpose. If you were hanging, say, a disk per user or a couple disks on the system, you could build a hierarchy that looked like this:
and then individually share the folders. When you're sharing, make sure you get rid of the permissions to your local admin account just to be on the up-and-up.
Mac OS X can also run iTunes. Especially relevant if you're using it to wirelessly back up iOS devices and have a big boot disk. Biggest bummer appears to be that play counts do not advance.
biggest possible problem with this is definitely that it's logistically difficult. you must:
another tool might end up being more practical for this purpose