Article: Domino & Apache »
FERDY CHRISTANT - MAY 24, 2004 (10:09:56 PM)
Purpose
This article explains an easy way to use Apache as a proxy for all your other servers running on the same box.
Introduction
Currently, there's many different kinds of web servers in the market. Each one has their own strengths and weaknesses. Sometimes you might need to combine different servers and use the best of many worlds. One common server to enrich a Domino environment with is Apache, the awarded, free, lightning-fast open source HTTP server used for hosting about 90% of all the world's websites.
Maybe even that's not enough. Maybe you need to integrate your Domino environment with a Websphere server. And perhaps it doesn't stop there, what if you also need a PHP server? And, what if you need to run all these on one box, with one network card? Read on...
The case
The classic way to integrate Apache with Domino is to let Apache use the standard HTTP port 80 and reroute all Domino traffic to the Domino HTTP server, which you configure to run on port 81, for instance. The rerouting is done using a rewrite rule in the Apache config file, such as this one:
RewriteRule ^(.*).nsf(.*) http://localhost:81$1.nsf$2 [P]
The rule above states that any incoming URL that has the .nsf pattern in it, will be rerouted to the Domino HTTP task, running on port 81. This is everything but water-proof:
- To take care of other Domino extensions, we need to add rules that handle .ntf, .ns4, .ns5, etc. extensions as well.
- To make sure files we refer to in the Domino server's file directory are handled by Domino, and not Apache, we need to make additional rules for icons, the domjava dir and others.
- Domino URLs that use a replica ID to refer to a Notes database will not work, unless you manually add a rewrite rule for each and everyone of them. A worst practice at best, server configuration and applications need to be loosely coupled at all times.
- Any of the many rewrite rules you would have to create mentioned above can potentially conflict with the internal working of another web server if you're in for some bad luck.
The solution
The solution to all of the above problems is amazingly simple and has been build into Apache since version 1.1: virtual hosts. Using virtual hosts you can redirect traffic to the right server using the domain, subdomain, IP or any pattern you can come up with. The remainder of this article explains a simple setup, which stacks multiple HTTP servers in a transparent way.
Configuring Domino
By default, the Domino HTTP task runs on port 80. Because Apache will take care of our incoming HTTP traffic on port 80, we need to adjust the Domino HTTP port to 81, or any other free port.
In order to set the Domino HTTP task to run on port 81, do the following:
- Open your server document in edit mode
- Go to the tab "ports", sub tab "Internet Ports", sub tab "Web".
- Fill out "81" in the field "TCP/IP port number".
- Save the server document
- Restart the HTTP task by entering "tell http restart" at the server console
Configuring Apache
This article will not explain how to install Apache. You can read all about it on apache.org. Installing Apache generally doesn't take longer than a few minutes and is straight-forward. Plus, by default, Apache runs on port 80, which is what we need.
To use Apache as a proxy and rewrite engine, we need to make sure the Apache server loads certain modules. Make sure that at least the following lines are in your Apache httpd.conf configuration file:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
If these lines are already there, make sure you remove the "#" character in front of it. If they are not there at all, add them as above.
Note:The location of the load module lines within the Apache config file differs per version.
Apache virtual hosts
Now for the interesting part. In this case setup we have Domino running on port 81, Websphere on port 9001, and Apache on port 80. We like to reroute all traffic coming from domino.ferdychristant.com to the Domino HTTP task, all traffic from was.ferdychristant.com to the Websphere server, and all other traffic to the default server, which is the Apache document root. Furthermore, we obviously do not want to enter a URL with a port number, nor do we want users to bookmark a rewritten URL that includes a port number. In short, users should not enter or see a port number in any URL.
All of the above requirements can be implemented by simply adding the following lines to the Apache httpd.conf file:
<VirtualHost *>
ServerName domino.ferdychristant.com
ServerAlias *.domino.ferdychristant.com
RewriteEngine On
RewriteRule ^/(.*) \http://domino.ferdychristant.com:81/$1 [P]
</VirtualHost>
<VirtualHost *>
ServerName was.ferdychristant.com
ServerAlias *.was.ferdychristant.com
RewriteEngine On
RewriteRule ^/(.*) \http://was.ferdychristant.com:9001/$1 [P]
</VirtualHost>
We have defined two virtual hosts and rerouted two subdomains to the right server. In each virtual host definition, we can define the incoming URL pattern, as well as the rewrite rule that routes it to the right port, directory, (sub)domain or IP. The "[P]" behind each rewrite rule sets Apache to proxy the URL, which takes care of our requirement of transparent URLs without explicit port numbers. The following scheme shows how this works:
- All incoming traffic on the box comes in at port 80.
- The Apache proxy/rewrite engine handles the incoming request and proxies it to the right web server/port.
- The appropriate web server handles the incoming request.
- The appropriate web server generates a response, if any. This response will arrive again at the Apache proxy engine who does a reverse proxy action on it.
- The response will be sent back to the user who requested it.
Conclusion
Using Apache's virtual hosts, you can redirect incoming traffic to the appropriate web server on your box, fail-safe, transparent for the end user, and with just one rewrite rule. Compared to the classic Domino & Apache setup, the only difference is that we separate incoming traffic by (sub)domain, IP, directory or hostname. With some proper URL management, you should be able to apply this technique in any situation.No longer do you need to write new rewrite rules as soon as you need to deploy a new application on Domino, or when a new extension is introduced. No longer do you need to add rewrite rules for coping with the internal working of your web server, such as icon directories and such. No longer do you need to worry about potential URL conflicts between different web servers. Want to add a new server to the box? Simply add one virtual host entry. Summarized, this is as good as it gets.
Tip: Additionally, you can always refine your URL policy within Domino using the Internet configuration documents that came new in R6.
Resources
Comments: 21
Reviews: 7
Average rating:
Highest rating: 4
Lowest rating: 3
COMMENT: TED
MAY 28, 11:36:39
groetjes
Ted «
COMMENT: DON CALLAWAY
AUG 4, 18:59:17
Good job! «
COMMENT: SEAN
FEB 11, 04:42:29
COMMENT: FERDY
FEB 11, 07:20:23
In fact, you can still use the regular Domino internet site documents in administrator to route your domain to the .nsf, even if Domino is running on port 81. That's how I have set it up. «
COMMENT: SEAN
FEB 11, 21:17:23
Forgive me, but I guess I don't understand how is accomplished. How can this be configured in Domino if Apache is routing the traffic? When typing in www.mydomain.com into the browser, Apache routes the user to Apache's webroot. Does Domino override this setting? Would you point me in the right direction or even explain it here? «
COMMENT: FERDY
FEB 11, 23:22:15
COMMENT: SEAN
FEB 11, 23:50:55
I don't know if what I'm trying to do isn't possible or I'm not quite there yet. I think things would work before if I was using 2 seperate ServerNames. Although, I really don't want to do this. If I have to, I most certainly will, but I thought I could use www.mydomain.com for everything.
So, all I really want is for all .nsf files to redirect to port 81 and all .php/.htm files to redirect to port 80. I can get this to work, but having a Domino database set as the default homepage doesn't seem to work unless I use the VirtualHost redirect. When I use the VirtualHost redirect, something breaks. I don't think it makes a difference, but I'm using Domino 6.0.4...just thought I'd mention it.
Last but certainly not least, thanks for you time with all of this. I know it's driving me nuts, I can only imagine how you feel. «
COMMENT: PAUL
MAY 11, 17:15:32
Alias /icons/ "C:/Program Files/Apache Group/Apache/icons/"
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
may work.
I could be wrong though. «
COMMENT: RIGGERS
AUG 23, 16:15:03
COMMENT: ASHRAF
NOV 30, 03:10:56 PM
COMMENT: ALASTAIR GRANT
JAN 28, 06:06:42 PM
I want apache to route requests for
www.mydomain1.com --> [domino] -> /directory1/user.nsf
and
www.mydomain2.com --> [domino] -> /directory2/user.nsf
Then
www.mydomain1.com/vwView?openview will work
and also
www.mydomain2.com/vwView?openview will work
It seems that the first instance of is overiding the others...
Of course you can use the internet site documents in domino but then it wont hide the database path.
Any ideas? Maybe I need a apache guru!...
Thanks
Alastair
«
COMMENT: BILL
JUL 12, 08:48:34 PM
If this is possible what is the URL the web user is going to see? Will they see the 192.168.2.101? Also, will this process open any significant security holes? «
COMMENT: FERDY
JUL 13, 08:41:34 AM
I'm a novice myself, but I think if you use rewrite rules inside a virtual host, as discussed above, it will work just fine. You obviously will need to allow the Apache server to access Domino. I'm no security expert but I guess binding exclusively to its MAC address is an option. Security of Domino will then be just as good (or bad) as your Apache setup.
I hope that helped
«
COMMENT: MCL
AUG 9, 16:15:58
COMMENT: PETER
JAN 11, 11:44:41 PM
One thing that I did find was when either of the servers did a re-direct the port name would re-appear in the address, and would then be blocked by our firewall.
After a bit of stuffing around I found the following worked
ServerName domino.ferdychristant.com
ServerAlias *.domino.ferdychristant.com
RewriteEngine On
RewriteRule ^/(.*) \http://domino.ferdychristant.com:81/$1 [P]
ProxyPassReverse / http://domino.ferdychristant.com:81/
ServerName was.ferdychristant.com
ServerAlias *.was.ferdychristant.com
RewriteEngine On
RewriteRule ^/(.*) \http://was.ferdychristant.com:9001/$1 [P]
ProxyPassReverse / http://was.ferdychristant.com:9001/ «
COMMENT: PETER
JAN 11, 11:48:58 PM
Basically I just added the following line after the RewriteRule line:
ProxyPassReverse / http://domino.ferdychristant.com:81/ «
COMMENT: ROBERT LOZANO
JUL 7, 11:18:07 PM
COMMENT: JOE
JUL 20, 04:56:35 PM
thanks for the great article, even 3 years later :)
Note that all this can be used instead of mod_jk to connect Apache and Tomcat. It seems that mod_jk is a bit faster, but your way is easier to configure since mod_proxy is now part of the default installation. «
COMMENT: KEVALA
OCT 9, 05:54:50 AM
but u hav work a good job to create u'r own web, its nice «
COMMENT: ARCHIE
APR 19, 2008 - 04:30:25 AM
Have you ever tried utilizing the Redline/Juniper DX series device to connect to a DWA infrastructure ? If, I'd be curious to know if you were able to get it to work and how.
Again, great writing on this. «
COMMENT: LUC
OCT 31, 2008 - 11:09:01
I have several internet site documents in domino
ie : webmail.top-infogerance.com
www.top-infogerance.com
audescendeur.top-infogerance.com
and so...
I create m' virtual hosts as this
ServerName www.top-infogerance.com
ServerAlias www.top-infogerance.com
RewriteEngine On
RewriteRule ^/(.*) \http://www.top-infogerance.com:81/$1 [P]
ServerName webmail.top-infogerance.com
ServerAlias webmail.top-infogerance.com
RewriteEngine On
RewriteRule ^/(.*) \http://webmail.top-infogerance.com:81/$2 [P]
but it is always redirecting on the first one ?
Could you please help me
Thks & Rgds
Luc «