Solved

hosting domino website on Apache

Posted on 2004-09-30
Medium Priority
413 Views
Last Modified: 2013-11-16
I am using Domino for mail, and webmail is enabled on it.

I have installed Apache with server and client certificates and want to use it to authenticate webmail users before they reach Domino.

So my network should look like this:

(web client with certificate)-----HTTPS---------->(Apache verifying client certificates and running SSL and the Domino website)------>(actual Domino server)

Or, if possible, like this:

(web client with certificate)-----HTTPS---------->(Apache verifying client certificates and running SSL without the Domino website)----HTTP---------->(actual Domino server running the Domino web server and pages)

Any clue?
Question by:last
9 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12189214
I'd say it's impossible to bypass Domino security: Domino will check certificates on its own. And a Domino-website has its pages built from dynamic data contained in a database, there are usually very few fixed html-files.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12197601
So you want to use Apache as a reverse proxy?

The separate parts of this setup should work just fine. But you are mixing 2 things here:
- SSL tunneling for the reverse proxy. This is no problem, you can simply leave the authentication mechanism in Domino (but this won't work for the client certificate).
- Single sign on: if the user is authenticated on Apache (using the certificates), you want single sign on with the Domino server. This is possible if you use the Domino Directory to authenticate users in Apache. Look on the internet. Caution: I'm not sure this will work for client certificates, but there is only 1 way to find out. Also, there is a bug in the LDAP module on Apache, so this setup is not 100% reliable.

We have this same setup, and single sign on works fine (users authenticate on the Apache Proxy - then open the Domino portal site (using ssl tunneling) - and are signed in automatically; well, this actually doesn't work 100% of the time, but it works mostly). I can't help you with the SSL client certificates, though!

cheers,

Tom
0
 

Author Comment

by:last
ID: 12198337
Tom

It seems that you have set up the same thing.

My users will have to provide their Domino passwords after authenticating to Apache. It is a portal for them.

But do you have SSL running on Domino or just on Apache?

Is your setup of the form:

Client---------HTTPS-------->Apache-----------HTTP----->Domino   ??

If yes, what do I need to do on Apache to forward the request to Domino in clear text and bring it back to the clients over SSL?

Thanks
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 1000 total points
ID: 12201377
Just run SSL on Apache. We have the same setup (except for client certificates, we just run SSL without the client certs).

You need to install the reverse proxy modules on Apache (don't know exactly what they're called, but you'll find it quite easily).

cheers,

Tom
0
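The layout settled on in the accepted answer (SSL and client-certificate verification on Apache only, plain HTTP from Apache to Domino), as an added configuration example that is not part of the original thread. Host names, the backend port, module paths and certificate file paths are placeholders chosen for illustration.

```apache
# Added example: Apache httpd terminating SSL and reverse-proxying to Domino.
# Host names, ports and file paths are placeholders, not values from the thread.

# mod_ssl provides HTTPS and client-certificate checks;
# mod_proxy and mod_proxy_http provide the reverse proxy.
LoadModule ssl_module        modules/mod_ssl.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Listen 443

<VirtualHost *:443>
    ServerName webmail.example.com

    # Server side of the HTTPS connection.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/webmail.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/webmail.example.com.key

    # Client certificates: trust only the CA that issues the users' certificates.
    SSLCACertificateFile  /etc/httpd/ssl/client-ca.crt
    # "require" aborts the handshake when no valid certificate is presented.
    # "optional" or "none" would let certificate-less clients through to
    # Domino's own login page, which defeats the purpose of this front end.
    SSLVerifyClient require
    # Depth 1 assumes user certificates are signed directly by the CA above.
    SSLVerifyDepth  1

    # Reverse proxy only. "ProxyRequests On" would make this host a forward proxy.
    ProxyRequests Off

    # Forward the whole URL space to Domino over plain HTTP, so mail databases,
    # images and the applets directory discussed in the thread are all reachable.
    ProxyPass        / http://domino.internal.example:80/
    # Rewrite Location headers in Domino's redirects back to the public HTTPS name.
    ProxyPassReverse / http://domino.internal.example:80/
</VirtualHost>
```

The hop from Apache to Domino is unencrypted and carries no proof of the certificate check, so Domino's HTTP port should accept connections only from the proxy host; a client that can reach Domino directly skips the certificate requirement entirely.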
 

Author Comment

by:last
ID: 12206707
Tom,

Appreciated, I will try running Apache as a reverse proxy.
So you are running Domino on HTTP without SSL (HTTPS),
and SSL is running only on Apache?



0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12208561
Yes, that's the idea.

It works fine - but there are other products on the market that do the same. They could be better in your case, especially if you need single sign on and LDAP integration with Domino (Websphere Edge server, for instance, is built on a simple Apache reverse proxy, but IBM changed some modules, so it works better with Domino LDAP).

cheers,

Tom
0
 

Author Comment

by:last
ID: 12368243
Tom

Proxying works fine now.

But the mail users are not getting the Java applet buttons (new memo, etc.) in their browsers when they log on to Domino!

Any idea?

0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12368559
Have you considered using iNotes? That works fine, as long as you use the necessary rules in the reverse proxy.

To make the Java applets work, they must be able to use the applets directory on the server too! If that still doesn't work, use Mozilla to connect, and use the Sun Java 2 SE console to see what it says there...

cheers,

tom
0
 

Author Comment

by:last
ID: 12380194
Tom,

The users have no problems if they connect to the Domino webmail directly. The only thing is that when they connect through the proxy they don't see the applets.

What is meant by "they must be able to use the applets directory"? Do you mean the applets directory in Domino? Then the proxy should access it...

Please provide more details...

Thanks,
last
0
