Do you want to expose a Domino HTTP server address to a public network due to well-known security considerations?
Can multiple Domino servers use only one address?
This demand is growing in the context of deploying Domino. These can be implemented as Domino's reverse proxy (reverse proxy) by installing the Apache HTTP server.
Why Apache HTTP Server selection
First, it is an open source project, document source code can refer to. Second, it has been widely used, robust and legendary. Finally, the installation configuration is simple and can be done in less than 10 minutes on Windows.
A reverse proxy is an application of the Apache server that handles connection requests from clients on the Internet, then forwards requests to servers on the internal network and returns results from servers on the internal network to clients requesting connections on the Internet. Refer to the following schematic:
Figure 1. Reverse proxy schematic
The Apache reverse proxy server on the diagram above does not have real data for any web pages, all of which come from the internal Domino server. Therefore, the attack on the reverse proxy server does not cause the data on the Domino server to be compromised, which enhances the security of the WEB server.
In actual deployment, the reverse proxy is usually located outside the firewall, and the Domino server is in the firewall and is protected by the firewall.
Apache Reverse proxy can also configure allowable cache data, such as pictures, according to requirements. You can also configure dynamic load balancing, among other features, but these features are not covered in this article.
Installing the Apache WEB server
Let's take Windows for example.
First go to the Apache website http://httpd.apache.org/download.cgi Download a stable version of Windows installer package. After downloading, click to perform installation, all the way using the default configuration, just fill in the name of the host, fill in the actual installation of the machine external host name, such as we fill in: bj.cn.ibm.com.
After the installation, the window will have an icon in the lower right corner, when the Apache HTTP server has been automatically run. Attempting to open the browser, enter http://dev.cn.ibm.com, return, and open the default Web page, indicating that the Apache server is working properly.
If it is a test configuration environment, and there is no real external host name, you can add in the c:\windows\system32\drives\etc\hosts:
IP address hostname
If the IP address of the machine is 192.168.0.11, you can add the following line:
192.168.0.11 bj.cn.ibm.com
Hostname can be multiple. If multiple hostname actually use the same IP, for example, the following is 2 host sharing an IP address:
192.168.0.11 bj.cn.ibm.com sh.cn.ibm.com
Reverse proxy configuration
Let's look at how to combine the Domino server and configure the reverse proxy. Now suppose 11545.html "> We have 2 Domino servers, they belong to a cluster (cluster).
One of the host names is: inotesBJ.cn.ibm.com
Another host name is: inotesSH.cn.ibm.com
The Apache server is just installed.
When configured, Internet users use bj.cn.ibm.com directly to transparently access inotesBJ.cn.ibm.com; Or use sh.cn.ibm.com to transparently access inotesSH.cn.ibm.com. They don't really know the existence of inotebj/inotessh.cn.ibm.com.
We know that Domino Web Services support HTTP and Htpps two ways, the reverse proxy configuration for HTTPS is slightly more complex, and the following HTTP configuration begins.