HCL Nomad for Domino behind an Apache Reverse Proxy

Reading the documentation, HCL only gives us the configuration for NGINX. Some companies are using Apache and not NGINX. We encourage the move to NGINX, but for now Apache is still okay.

  1. What we use in this configuration:

    Outside URL:ā€ƒ nomad.domain.nl
    Inside URL (Domino): internal.domain.nl
  2. SSL Certificates
    a. For Domino for communication between Apache and Domino.
    ā€ƒYou can use MicroCA in the certstore.nsf to create the certificate for internal.domain.nl

    b. For external access ( URL to access Nomad )
    ā€ƒYou can use Let’s Encrypt for creating this SSL certificate: nomad.domain.nl
  3. HOST for Nomad
    Set the host for Nomad in Domino:
    set co Nomad_Web_Host=internal.domain.nl
  4. Apache config
    Create /etc/apache2/sites-available/nomad.conf and run Let’s Encrypt’s certbot to create the SSL certificate: ā€ƒ
     certbot –apache -d nomad.domain.nl

    Edit /etc/apache2/sites-available/nomad-le-ssl.conf to enable WSS config

    For my server, I needed to change it to:
<IfModule mod_ssl.c>

<VirtualHost *:443>
ā€ƒ ServerAdmin remco@angioni.nl
DocumentRoot /var/www/html/nomad
ServerName nomad.domain.nl
ErrorLog logs/nomad-error.log
CustomLog logs/nomad-access.log common

ā€ƒ SSLProxyEngine on
ā€ƒ SSLProxyVerify none
ā€ƒ SSLProxyCheckPeerName off
ā€ƒ SSLProxyCheckPeerCN off
ā€ƒ SSLProxyCheckPeerExpire off
ā€ƒ ProxyPreserveHost On
ā€ƒ RewriteEngine on
ā€ƒ ProxyRequests off

RewriteCond %{HTTP_HOST} nomad.domain.nl
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule /(.*) wss://internal.domain.nl:9443/$1 [P,L]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule /(.*) https://internal.domain.nl:9443/$1 [P,L]
RequestHeader set X-Forwarded-Proto "https"
RewriteRule /ws/.* wss://internal.domain.nl:9443%{REQUEST_URI} [P]

ProxyPass "/" "https://internal.domain.nl:9443/"
ProxyPassReverse "/" "https:internal.domain.nl:9443/"

ProxyPass /nrpc-wss/ wss://internal.domain.nl:9443/
ProxyPassReverse /nrpc-wss/ wss://internal.domain.nl:9443/

ā€ƒā€‚Include /etc/letsencrypt/options-ssl-apache.conf
ā€ƒ SSLCertificateFile /etc/letsencrypt/live/nomad.domain.nl/fullchain.pem
ā€ƒ SSLCertificateKeyFile /etc/letsencrypt/live/nomad.domain.nl/privkey.pem
</VirtualHost>
</IfModule>

Views: 453

By angioni

Leave a Reply

Your email address will not be published. Required fields are marked *