Ed's Big Plans

Computing for Science and Awesome

Archive for the ‘Network Management’ Category

Zinc the Mac Mini

with 2 comments

Zinc on a Shelf

Zinc the Mac Mini has arrived! I’ve set it up as the new webserver currently spewing forth this website. Migration and setup were incredibly easy with MAMP– copying the application folder implied moving the application plus Apache settings and SQL database. Copying the Sites folder from one machine to another was a breeze too. Of course I’ll need to upgrade the software in the backend some time in the future, but I’m very happy with how fast it was this time around. It implies very little downtime to be expected should another migration be needed within the same LAN.

Zinc also offers an additional two cores in case I need to offload experiments. I’ve read various reports about Mac Minis overheating or not– so I’ll keep an eye on the thing until I know for sure. It runs very silently next to the router right now. Headless functionality is exactly as I would have hoped and imagined.

So– anyone wanting to do any webhosting, a nice small box next to the router gets my vote.

Andre Masella says...

Does it act as a wireless access point? This has been one of the banes of my existence.

Eddie Ma says...

It can if I wanted it to!

It can do NAT from Ethernet to Wireless OR from Wireless to Ethernet!

(Actually– it can even do tethering and transmit any connection with Bluetooth– So, while I haven’t tested it, I’m tempted to say it can also itself tether and perform translation from Bluetooth to any other protocol.)

I don’t recommend using it as a WAP however, as there is little built-in software to configure permissions, port forwarding etc… well… there is the command line stuff… :D

Written by Eddie Ma

June 2nd, 2009 at 11:44 pm

Internet Connection Sharing

I’ve found that the implementation of NAT (network address translation, also called internet connection sharing [ICS] (OSX) and network bridging (Windows)) on Tin is pretty decent. The most common use of NAT from a laptop is to convert the laptop into a software wireless router: the laptop is connected to an actual router via wire, and transmits the network wirelessly. I needed to do the reverse: to receive a wireless signal and then share the address with a desktop that doesn’t have a wireless interface.

This succeeded until the wireless connection was inexplicably irresolvable in that dialing to any IP address from either the desktop or Tin resulted in server timeouts. This happened over and over and usually required about ten minutes after each failure and reconnection to the wireless router.

I’ve read a bit more, and I’m really no closer to figuring out why this happened but have a few hypotheses. First, it could be that the NAT implementation isn’t as bulletproof as I had hoped; second, it could be that the router somehow doesn’t like what I’m doing; and third, my ISP may see the setup as somehow disruptive to other clients and thus had disconnected me.

Written by Eddie Ma

April 29th, 2009 at 11:12 am

Posted in Network Management

SSH, (S)FTP, VNC Tests Etc.

With the present setup, my D-Link forwards TCP/80 requests to Tin on 8080 which is where Apache lives. It made sense to set up SSH and FTP as well (SFTP uses the same port as SSH AFAIK). This turned out to be remarkably easy, allowing FTP to pass through TCP/21 and SSH to pass through TCP/22 each to Tin. VNC generally uses UDP 5900 and TCP 5900~5902, but opening just UDP+TCP/5900 did the trick.

Of course, as there are _many_ sensitive items on Tin, I can’t afford to just blast everything online so I’ve deactivated the port forwarding for those services after the test was done.

Whenever it is that I get the new web serving hardware, I’ll have to create a lower privilege account to host everything. The plan is to have a box that doesn’t have any kind of interface except for its network connection so that everything is controlled over SSH/SFTP/VNC etc. wherever I am physically in the world.

Edit: Oh! I’ve just learned this is called running a machine headless. — I’ve heard that term before, I just didn’t put it together.

Written by Eddie Ma

April 29th, 2009 at 11:02 am

Posted in Network Management
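
An added example, not part of the original post: a small Python check that the test forwards described above (TCP/21, TCP/22, TCP/5900) are really closed again once deactivated, while the web forward on TCP/80 still answers. The function names are hypothetical, and the demo uses constructed localhost sockets so it runs offline.

```python
import socket

# TCP ports the post forwarded during its test (the UDP/5900 forward is not probed here).
TESTED_FORWARDS = {21: "FTP", 22: "SSH/SFTP", 80: "HTTP", 5900: "VNC"}

def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def audit_exposure(host, ports, allowed, timeout=1.0):
    """Probe each port; separate intended exposure from leftover forwards."""
    report = {"open_allowed": [], "open_unexpected": [], "closed_but_allowed": []}
    for port in sorted(ports):
        is_open = tcp_open(host, port, timeout)
        if is_open and port in allowed:
            report["open_allowed"].append(port)
        elif is_open:
            report["open_unexpected"].append(port)      # forward still active
        elif port in allowed:
            report["closed_but_allowed"].append(port)   # public service is down
    return report

def demo():
    """Constructed demo: two local listeners stand in for the web forward and
    a forgotten forward; a third port is bound and released so it is closed."""
    listeners = []
    for _ in range(2):
        s = socket.socket()
        s.bind(("127.0.0.1", 0))
        s.listen(1)
        listeners.append(s)
    web, leftover = (s.getsockname()[1] for s in listeners)
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    report = audit_exposure("127.0.0.1", [web, leftover, closed_port], allowed={web})
    for s in listeners:
        s.close()
    return report, web, leftover, closed_port

if __name__ == "__main__":
    print(demo()[0])
```

For the setup in the post, the call would be `audit_exposure(<router's public address>, TESTED_FORWARDS, allowed={80})`, run from a network outside the LAN, since a probe from inside may not traverse the router's forwarding rules.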