Solved

hosting domino website on Apache

Posted on 2004-09-30
9
405 Views
Last Modified: 2013-11-16
I am using a domino for mail and webmail is enabled on it.

I have installed an apache with server & client certificates and want to use it to authinticate webmail users before they reach domino.

so my network should be like this:

(web client with certificate)-----HTTPS---------->(Apache verifying clients certificates and running ssl and domino website)------>(Actual domino server)

Or if possible like this:

(web client with certificate)-----HTTPS---------->(Apache verifying clients certificates and running ssl without domino website)----HTTP---------->(actual domino server running Domino webserver and pages)

Any Clue?????????????????/
0
Comment
Question by:last
  • 4
  • 4
9 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12189214
I'd say it's impossible to bypass Domino security: Domino will check certificates on its own. And a Domino-website has its pages built from dynamic data contained in a database, there are usually very few fixed html-files.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12197601
So you want to use Apache as a reverse proxy ?

The separate parts of this setup should work just fine.  But you are mixing 2 things here:
- SSL tunneling for the reverse proxy.  This is no problem, you can simply leave the authentication mechanism in Domino (but this won't work for the client certificate)
- Single sign on : if the user is authenticated on Apache (using the certificates), you want single sign on with the Domino server.  This is possible if you use the Domino Directory to authenticate users in Apache.  Look on the internet.   Caution: I'm not sure this will work for client certificates , but there only 1 way to find out.  Also, there is a bug in the LDAP module on Apache, so this setup is not 100% reliable.

We have this same setup, and single sign on works fine (users authenticate on the Apache Proxy - then open the Domino portal site (using ssl tunneling) - and are signed in automatically (well this actually doesn't work  100% of the time, but it works mostly).  I can't help you with the SSL client certificates ,though !  

cheers,

Tom
0
 

Author Comment

by:last
ID: 12198337
Tom

it seems that you had setup the same thing.

My users will have to provide the domino passwords after authenticating to the apache. it is a portal for them.

But do you have SSL running on Domino or just on apache??

Is your setup of the form:

Client---------HTTPS-------->Apache-----------HTTP----->Domino   ??

if yes, what I need to do on apache to forward the request to Domino in clear text and bring it back to the clients SSLed?????

thanx
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 15

Accepted Solution

by:
Bozzie4 earned 250 total points
ID: 12201377
Just run ssl on apache.  We have the same setup (exept for client certificates, we just run ssl without the client certs).

You need to install the reverse proxy modules on apache, (don't know exaclty what they're called, but you'll find it quite easily).

cheers,

Tom
0
 

Author Comment

by:last
ID: 12206707
Tom,

Aprreciated, I will try runnning the apache as a reverese proxy.
So you are running Domino on HTTP without (SSL) HTTPS?
and ssl is running only on apache.



0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12208561
Yes, that's the idea.

It works fine - but there are other products on the market that do the same.  They could be better in your case, especially if you need single sign on and ldap integration with domino (Websphere Edge server, for instance is built  on a simple Apache reverse proxy, but IBM changed some modules, so it works better with Domino LDAP)

cheers,

Tom
0
 

Author Comment

by:last
ID: 12368243
Tom

proxying works fine now.

but the mail users are not getting the Jave applets buttons (new memo....etc) on thier browsers when they log on to domino!

Any idea?

0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12368559
Have you considered using iNotes ?  That works fine, as long as you use the necessary rules in the reverse proxy.

To make the java applets work, they must be able to use the applets directory on the server too !  If that still doesn't work, use Mozilla to connect, and use the Sun java 2 SE console to see what it says there....

cheers,

tom
0
 

Author Comment

by:last
ID: 12380194
Tom,

the users have no problems if they connect to the domino webmail directly.the only thing is when they connect through the proxy they dont see the applets.

What is meant by "they must be able to use the applets directory"? do you mean the applets directory in the domino?  then the proxy should access it......

Pls provide more details...

Thanks,
last
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now