Angioni's Blog

Remco Angioni, The Dutch HCL Enthusiast and HCL Ambassador

Domino Nomad

HCL Nomad for Domino behind an Apache Reverse Proxy

By angioni #apache, #domino, #nomad, #proxy, #reverse

Reading the documentation, HCL only gives us the configuration for NGINX. Some companies are using Apache and not NGINX. We encourage the move to NGINX, but for now Apache is still okay.

  1. What we use in this configuration:

    Outside URL:  nomad.domain.nl
    Inside URL (Domino): internal.domain.nl
  2. SSL Certificates
    a. For Domino for communication between Apache and Domino.
     You can use MicroCA in the certstore.nsf to create the certificate for internal.domain.nl

    b. For external access ( URL to access Nomad )
     You can use Let’s Encrypt for creating this SSL certificate: nomad.domain.nl
  3. HOST for Nomad
    Set the host for Nomad in Domino:
    set co Nomad_Web_Host=internal.domain.nl
  4. Apache config
    Create /etc/apache2/sites-available/nomad.conf and run Let’s Encrypt’s certbot to create the SSL certificate:  
     certbot –apache -d nomad.domain.nl

    Edit /etc/apache2/sites-available/nomad-le-ssl.conf to enable WSS config

    For my server, I needed to change it to:
<IfModule mod_ssl.c>

<VirtualHost *:443>

  ServerAdmin remco@angioni.nl

  DocumentRoot /var/www/html/nomad

  ServerName nomad.domain.nl

  ErrorLog logs/nomad-error.log

  CustomLog logs/nomad-access.log common



  SSLProxyEngine on

  SSLProxyVerify none

  SSLProxyCheckPeerName off

  SSLProxyCheckPeerCN off

  SSLProxyCheckPeerExpire off

  ProxyPreserveHost On

  RewriteEngine on

  ProxyRequests off



  RewriteCond %{HTTP_HOST} nomad.domain.nl

  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]

  RewriteRule /(.*) wss://internal.domain.nl:9443/$1 [P,L]

  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]

  RewriteRule /(.*) https://internal.domain.nl:9443/$1 [P,L]

  RequestHeader set X-Forwarded-Proto "https"

  RewriteRule /ws/.* wss://internal.domain.nl:9443%{REQUEST_URI} [P]



  ProxyPass "/" "https://internal.domain.nl:9443/"

  ProxyPassReverse "/" "https:internal.domain.nl:9443/"



  ProxyPass /nrpc-wss/ wss://internal.domain.nl:9443/

  ProxyPassReverse /nrpc-wss/ wss://internal.domain.nl:9443/



  Include /etc/letsencrypt/options-ssl-apache.conf

  SSLCertificateFile /etc/letsencrypt/live/nomad.domain.nl/fullchain.pem

  SSLCertificateKeyFile /etc/letsencrypt/live/nomad.domain.nl/privkey.pem

</VirtualHost>

</IfModule>

Visits: 176

By angioni

Related Post

Domino JAVA

Keep HCL Domino JVM settings during upgrade?

angioni
Domino Lotus Notes

My thoughts on how Domino registers users

angioni
Domino Security

HCL Domino rename via ADMINP does not check the new username in IDVault’s inactive users view.

angioni

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

You Missed

MongoDB Sametime

How to remove a Groupchat in Sametime V12?

Sametime

Sametime 12.0.2 statistics & settings are gone after restart server

Ambassador HCL

HCL Ambassador 2024 announcement

Domino Nomad

HCL Nomad for Domino behind an Apache Reverse Proxy