Angioni's Blog

Remco Angioni, The Dutch HCL Enthusiast and HCL Ambassador

Domino Nomad

HCL Nomad for Domino behind an Apache Reverse Proxy

By angioni #apache, #domino, #nomad, #proxy, #reverse

Reading the documentation, HCL only gives us the configuration for NGINX. Some companies are using Apache and not NGINX. We encourage the move to NGINX, but for now Apache is still okay.

  1. What we use in this configuration:

    Outside URL:  nomad.domain.nl
    Inside URL (Domino): internal.domain.nl
  2. SSL Certificates
    a. For Domino for communication between Apache and Domino.
     You can use MicroCA in the certstore.nsf to create the certificate for internal.domain.nl

    b. For external access ( URL to access Nomad )
     You can use Let’s Encrypt for creating this SSL certificate: nomad.domain.nl
  3. HOST for Nomad
    Set the host for Nomad in Domino:
    set co Nomad_Web_Host=internal.domain.nl
  4. Apache config
    Create /etc/apache2/sites-available/nomad.conf and run Let’s Encrypt’s certbot to create the SSL certificate:  
     certbot –apache -d nomad.domain.nl

    Edit /etc/apache2/sites-available/nomad-le-ssl.conf to enable WSS config

    For my server, I needed to change it to:
<IfModule mod_ssl.c>

<VirtualHost *:443>

  ServerAdmin remco@angioni.nl

  DocumentRoot /var/www/html/nomad

  ServerName nomad.domain.nl

  ErrorLog logs/nomad-error.log

  CustomLog logs/nomad-access.log common



  SSLProxyEngine on

  SSLProxyVerify none

  SSLProxyCheckPeerName off

  SSLProxyCheckPeerCN off

  SSLProxyCheckPeerExpire off

  ProxyPreserveHost On

  RewriteEngine on

  ProxyRequests off



  RewriteCond %{HTTP_HOST} nomad.domain.nl

  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]

  RewriteRule /(.*) wss://internal.domain.nl:9443/$1 [P,L]

  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]

  RewriteRule /(.*) https://internal.domain.nl:9443/$1 [P,L]

  RequestHeader set X-Forwarded-Proto "https"

  RewriteRule /ws/.* wss://internal.domain.nl:9443%{REQUEST_URI} [P]



  ProxyPass "/" "https://internal.domain.nl:9443/"

  ProxyPassReverse "/" "https:internal.domain.nl:9443/"



  ProxyPass /nrpc-wss/ wss://internal.domain.nl:9443/

  ProxyPassReverse /nrpc-wss/ wss://internal.domain.nl:9443/



  Include /etc/letsencrypt/options-ssl-apache.conf

  SSLCertificateFile /etc/letsencrypt/live/nomad.domain.nl/fullchain.pem

  SSLCertificateKeyFile /etc/letsencrypt/live/nomad.domain.nl/privkey.pem

</VirtualHost>

</IfModule>

Views: 331

By angioni

Related Post

Domino

CRITICAL ALERT: Mail not routing after Domino restarts beginning December 13, 2024

angioni
Domino HCL MailScanner Traveler

Route HCL Traveler mail to your internal scanner

angioni
Domino JAVA

Keep HCL Domino JVM settings during upgrade?

angioni

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

You Missed

ChromeOS Lotus

Lotus 123 for ChromeOS

Domino

CRITICAL ALERT: Mail not routing after Domino restarts beginning December 13, 2024

Linux

Manage “history” output in Linux

Notes Security

Delegated users with only Calendar acces still can see your Mailfolders in HCL Notes (solved)