After a great deal of searching the net for answers I have pieced together what is needed to do a couple of things I have wanted to do for some time now. The first is to have virtual hosts working nicely on 10.7 Lion Server. The second and related item is to have multiple web servers within a LAN accessible from one WAN address.

Virtual Hosts

To get this working add the following line to the /etc/apache2/httpd.conf file and then restart the web service.

NameVirtualHost *:80

Restarting the web service can be done in the Terminal using:

sudo serveradmin stop web
sudo serveradmin start web

Now you can add virtual hosts through the Server app.

Multiple web servers within a LAN accessed from one WAN address.

Set up: The following assumes that you have 3 servers with correctly working DNS and apache services. The 10.10.10.x subnet is used for the examples, change them to whatever configuration you are using.

Set up a NAT rule on your router/modem to point port 80 through to, for example, 10.10.10.200 (or the address of the primary apache service that will redirect domains to their correct machine):

• first.domain.com = 10.10.10.200
• second.domain.com = 10.10.10.201
• third.domain.com = 10.10.10.202

DNS on the primary machine should be set up as follows:

• ZONE - domain.com
• machine record server1.domain.com. points to 10.10.10.200
• machine record server2.domain.com. points to 10.10.10.201
• machine record server3.domain.com. points to 10.10.10.202
• alias record first.domain.com. points to server1.domain.com.
• alias record second.domain.com. points to server2.domain.com.
• alias record third.domain.com point to server2.domain.com.

External DNS needs to be set up that points first.domain.com, second.domain.com and third.domain.com to your external IP address where your web server is located such as 210.55.102.xx (remember this can take up to 48 hours to become live).

Once this is done you can start adding the .conf files to the /etc/apache2/sites folder to do the redirecting.

You can name the files as you like so long as they have the .conf extension.

1st File I will call 0000_any_80_first.domain.com.conf it needs the following in it to do the redirect to the correct machine: 2nd File is called 0000_any_80_second.domain.com.conf containing: 3rd File is called 0000_any_80_third.domain.com.conf containing: Restart the web service with the Terminal command:

sudo serveradmin stop web
sudo serveradmin start web

[crarko adds: I haven't tested this one. This might also be possible to do in Lion client, but the hint as is applies to Lion Server.]

Apple does not seem to have provided a setting to change the default timezone despite the obvious need to be able to do so. This hint is a workaround giving a way of changing the timezone for all users who view the calendar via the web interface.

First backup the following file:

/usr/share/collabd/coreclient/app/views/projects/calendar.html.erb

You will need root privileges to edit the file; this can be accomplished by:

sudo nano /usr/share/collabd/coreclient/app/views/projects/calendar.html.erb

Add the following line to the original file below the line <% content_for(:head) do %>:

<meta name="tzid" content="Europe/London">

Where "Europe/London" is replaced by the desired timezone.

The file should now read (in its entirety) Save the file and exit the text editor. Restart the Wiki Server using Server.app and events should now display in the correct timezone.

[crarko adds: I don't have a Lion Server up yet to try this. Remember to backup the original file before doing any editing, and post results (or alternate ways of doing this) in the comments, please.]

Follow these steps to work around an issue that causes recurring password dialogs on iOS devices that are configured to connect to a CalDAV account hosted by Mac OS X Server 10.6.

The procedure involves turning off Digest authentication and enabling Basic authentication. Since all passwords will be sent in the clear, make sure that all traffic to the iCal server is encrypted. This can be done either by requiring users to connect via VPN or by using a valid SSL certificate and setting SSL to 'Redirect' in the iCal Service settings in Server Admin.

• Log in to an administrative user's account on the server and open the Terminal application located in /Applications/Utilities/.
• Type the following command to change to the directory containing the settings for the iCal service:
  cd /private/etc/caldavd
• Make a copy of the preference file. You will be asked for the administrative user's password after entering this line:
  sudo caldavd.plist caldavd.plist.backup
• Use the nano editor to edit the preference file:
  sudo nano caldavd.plist
• You can use the arrow keys to navigate around the contents of the preference file. First, enable Basic authentication. Go past the line that reads <key>Authentication</key>, past <key>Basic</key>, stop at <key>Enabled</key> and change <false/> to <true/> on the next line.
• Turn off Digest authentication by going past <key>Digest</key> and stop at <key>Enabled</key> and change <false/> to <true/> on the next line.
• Press Ctrl+X to exit the editor, press Y to save changes, and press the Enter key to confirm the file name.
• In Server Admin, stop the iCal service and start it again.

If you need to revert your changes. Issue the following command in the Terminal application:
[crarko adds: I haven't tested this one.]

The default invitations which iCal Server sends may be seen as spam by Spam Assassin (score of 5.8 or so), because of a large picture attachment.

The workaround for this I found was to modify the template for the invitation to eliminate the attachment.

The templates for iCal Server invitations are located in: /usr/share/caldavd/share/email_templates.

I changed mine so they are straightforward but at least not seen as spam. For example, my invite.html is:
[crarko adds: I haven't tested this one. It's a bit of a followup to this earlier hint.]

In Server Admin, the iCal settings allow you to specify a single email from which event invitations will come. For a personal calendar though, you really want the email to come from your own email.

The script which sends invitations is found at:

/usr/share/caldavd/lib/python/twistedcaldav/mail.py

It appears that it tries to find the appropriate email address, but I could not figure out how to make a value ever be present where it was looking.

So, I modified the script as shown below.

I did all this on a new mid-2010 Mac mini Server (with an external MacBook Air SuperDrive), with OS X Server 10.6.5 (re)installed on the upper drive (*disk1*) and OS X client 10.6.5 (and Fusion, many other apps, etc.) installed on the lower drive (*disk0*): i.e., with the computer used mainly as a client desktop rather than a server; so, virtualizing the server OS might be the most convenient solution, while - if desired - also being able to natively boot into the server (at least as an experiment).

So, you want to virtualize a whole hard drive (HD) with OS X Server installed? Or, more simply, if you want to install OS X Server onto an 'ordinary,' file-based Fusion virtual machine (VM), but only have a machine-specific install DVD (which will refuse to install if used to boot the VM), here is what I did.

Using the Time Machine preference pane, it is not possible to effectively exclude the data for the Software Update service from Time Machine backups on Mac OS X Server 10.6. A method is presented here which will do that.

By default the software downloaded from Apple’s servers necessary for the Software Update service is located at /private/var/db/swupd. When excluding this directory using the Time Machine preference pane the path is changed to /var/db/swupd (/var being a symbolic link to /private/var) and the data is still backed up. [crarko adds: This is for Snow Leopard Server only.]

So here was my problem: I needed to be able to produce high-resolution movies of live screen presentations (PowerPoint as it happens) with audio. And because these presentations were two hours long, people wanted chapter/section marks so they could go directly to the part they were interested in seeing again.

We wanted to stream the movies, so that people did not have to download the entire 2GB+ movie. They movies also had to be on a server I could get to, so that we could get the video online quickly.

This all proved harder than it sounds, and took me about three weeks to figure out and set up -- it wasn't hard, but it was undocumented and not intuitive. I am providing this information because the online information is either wrong, or it doesn't seem to exist.

Here's my step-by-step guide on how I finally accomplished the desired results.

[robg adds: I have reproduced most, but not all, of the linked page in the remainder of this hint, just in case the original site vanishes. However, I suggest you read it on the linked site if possible, because (a) it includes screenshots and (b) the information may be updated at some point in the future.]

While playing with Snow Leopard Server's various services, I noticed DHCP wasn't working. Actually, it worked at first for my laptop, then it stopped. Then I noticed the iPhones were not able to receive IPs either. I thought it was something with my server, so I drew a network diagram, and it gave me an idea.

I have an Internet modem connected to a Netgear router, to which the AirPort Extreme (Dual Band) is connected. My Snow Leopard Server machine is connected via the AirPort, as are all other clients. My drawing showed that when my Server was connected on the 5Ghz side, and the DHCP clients were connected on the 2.4Ghz side, DHCP would not work.

I confirmed this by splitting the dual band and connecting server and all clients on the 2.4GHz channel only. Set up this way, DHCP worked great; problem solved! I'm not sure if that makes perfect sense to the IP specialists, but I almost think this is a bug with the Dual Band implementation.

[robg adds: I can't confirm this one, but I'd be interested in comments from others using Server and Dual Band AirPort to see if this is a general issue or not.]

Today I needed to use Workgroup Manager to add a Login Item that Mounts an afp Volume. Apple provides no instructions for doing this while logged in directly on the server; instead this task is done using Workgroup Manager on a client (see this Apple support document). I didn't have my MacBook with me at the time, nor did I want to install the Server Admin Tools on another machine just for this one task.

The solution is:

1. Open Safari and enter the URL in the form of afp://IP-address-OR-Server-name/Share Point
2. Drag the favicon (next to the URL) onto the Desktop.
3. Drag the favicon into the System Preferences » Login » Items section of Workgroup Manager.
4. Click Apply Now.

Note that you do not need to add %20 to any white space when typing the URL in Safari; this will automatically be added when you drag the Favicon to the Desktop. Also, the colon and forward slash in the Weblock's file name will be replaced with hyphens.

[robg adds: I couldn't get the above-linked Apple document to load, but I did find it in Google's cache.]