Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 415
  • Last Modified:

hosting domino website on Apache

I am using a domino for mail and webmail is enabled on it.

I have installed an apache with server & client certificates and want to use it to authinticate webmail users before they reach domino.

so my network should be like this:

(web client with certificate)-----HTTPS---------->(Apache verifying clients certificates and running ssl and domino website)------>(Actual domino server)

Or if possible like this:

(web client with certificate)-----HTTPS---------->(Apache verifying clients certificates and running ssl without domino website)----HTTP---------->(actual domino server running Domino webserver and pages)

Any Clue?????????????????/
0
last
Asked:
last
  • 4
  • 4
1 Solution
 
Sjef BosmanGroupware ConsultantCommented:
I'd say it's impossible to bypass Domino security: Domino will check certificates on its own. And a Domino-website has its pages built from dynamic data contained in a database, there are usually very few fixed html-files.
0
 
Bozzie4Commented:
So you want to use Apache as a reverse proxy ?

The separate parts of this setup should work just fine.  But you are mixing 2 things here:
- SSL tunneling for the reverse proxy.  This is no problem, you can simply leave the authentication mechanism in Domino (but this won't work for the client certificate)
- Single sign on : if the user is authenticated on Apache (using the certificates), you want single sign on with the Domino server.  This is possible if you use the Domino Directory to authenticate users in Apache.  Look on the internet.   Caution: I'm not sure this will work for client certificates , but there only 1 way to find out.  Also, there is a bug in the LDAP module on Apache, so this setup is not 100% reliable.

We have this same setup, and single sign on works fine (users authenticate on the Apache Proxy - then open the Domino portal site (using ssl tunneling) - and are signed in automatically (well this actually doesn't work  100% of the time, but it works mostly).  I can't help you with the SSL client certificates ,though !  

cheers,

Tom
0
 
lastAuthor Commented:
Tom

it seems that you had setup the same thing.

My users will have to provide the domino passwords after authenticating to the apache. it is a portal for them.

But do you have SSL running on Domino or just on apache??

Is your setup of the form:

Client---------HTTPS-------->Apache-----------HTTP----->Domino   ??

if yes, what I need to do on apache to forward the request to Domino in clear text and bring it back to the clients SSLed?????

thanx
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Bozzie4Commented:
Just run ssl on apache.  We have the same setup (exept for client certificates, we just run ssl without the client certs).

You need to install the reverse proxy modules on apache, (don't know exaclty what they're called, but you'll find it quite easily).

cheers,

Tom
0
 
lastAuthor Commented:
Tom,

Aprreciated, I will try runnning the apache as a reverese proxy.
So you are running Domino on HTTP without (SSL) HTTPS?
and ssl is running only on apache.



0
 
Bozzie4Commented:
Yes, that's the idea.

It works fine - but there are other products on the market that do the same.  They could be better in your case, especially if you need single sign on and ldap integration with domino (Websphere Edge server, for instance is built  on a simple Apache reverse proxy, but IBM changed some modules, so it works better with Domino LDAP)

cheers,

Tom
0
 
lastAuthor Commented:
Tom

proxying works fine now.

but the mail users are not getting the Jave applets buttons (new memo....etc) on thier browsers when they log on to domino!

Any idea?

0
 
Bozzie4Commented:
Have you considered using iNotes ?  That works fine, as long as you use the necessary rules in the reverse proxy.

To make the java applets work, they must be able to use the applets directory on the server too !  If that still doesn't work, use Mozilla to connect, and use the Sun java 2 SE console to see what it says there....

cheers,

tom
0
 
lastAuthor Commented:
Tom,

the users have no problems if they connect to the domino webmail directly.the only thing is when they connect through the proxy they dont see the applets.

What is meant by "they must be able to use the applets directory"? do you mean the applets directory in the domino?  then the proxy should access it......

Pls provide more details...

Thanks,
last
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now