3.27.2016

Accessing nginx on firewall OS X from the network.

Short Version:

In your nginx.conf file, put this directive near the top (under the 'user' directive, for example):
daemon off;
Enable the OS X firewall for the executable, and you're done. No pfctl, No sysctl, No ipfw (for older OS X).

___

I use OmniFocus to track tasks, and due to company policy, run a private webdav server on my Mac to sync between my MacBookPro and iPhone.

I use macports so it was simple enough to load nginx as a webdav server as follows:
sudo port install nginx +dav +davext
Assuming you have a valid nginx.conf file for your configuration, there are two more things you need to do to be able to access nginx from outside your Mac's firewall.

First, at the top of your nginx.conf file (under something 'user _www') insert
daemon off;
This is the critical step to being able to access nginx from the network (not just your machine).

Secondly, you need to tell the Mac Firewall that you want access to nginx outside your MacBookPro.  You can either simply answer yes to the pop-up 'Do you want to allow access to nginx' when you start nginx, or add it to the firewall: System Preferences->Security->Firewall->Options, select the '+' sign, and navigate to and select /opt/local/sbin/nginx. (When you select the '+' sign, you may have to select cmd-shift-g to navigate to /opt/local/sbin.)

If you've installed via macports, then the following will load and start nginx:
sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.nginx
This will start nginx every time you restart your Mac.

I wasted HOURS reading various 'fixes' to let the outside world into my nginx instance. For reasons I don't understand, a process started by daemondo (macports configurations and others) need the executable, nginx in this case, to run in non-daemon mode. This is accomplished as above by setting the 'daemon' directive in nginx.conf to 'off.'

Futzing with sysctl, pfctl, etc is NOT NEEDED.