administration mode
Pssst...Ferdy is the creator of JungleDragon, an awesome wildlife community. Visit JungleDragon

 

Article: Domino & Apache »

FERDY CHRISTANT - MAY 24, 2004 (10:09:56 PM)

Purpose

This article explains an easy way to use Apache as a proxy for all your other servers running on the same box.

Introduction

Currently, there's many different kinds of web servers in the market. Each one has their own strengths and weaknesses. Sometimes you might need to combine different servers and use the best of many worlds. One common server to enrich a Domino environment with is Apache, the awarded, free, lightning-fast open source HTTP server used for hosting about 90% of all the world's websites.

Maybe even that's not enough. Maybe you need to integrate your Domino environment with a Websphere server. And perhaps it doesn't stop there, what if you also need a PHP server? And, what if you need to run all these on one box, with one network card? Read on...

The case

The classic way to integrate Apache with Domino is to let Apache use the standard HTTP port 80 and reroute all Domino traffic to the Domino HTTP server, which you configure to run on port 81, for instance. The rerouting is done using a rewrite rule in the Apache config file, such as this one:

RewriteRule ^(.*).nsf(.*) http://localhost:81$1.nsf$2 [P]

The rule above states that any incoming URL that has the .nsf pattern in it, will be rerouted to the Domino HTTP task, running on port 81. This is everything but water-proof:

  • To take care of other Domino extensions, we need to add rules that handle .ntf, .ns4, .ns5, etc. extensions as well.
  • To make sure files we refer to in the Domino server's file directory are handled by Domino, and not Apache, we need to make additional rules for icons, the domjava dir and others.
  • Domino URLs that use a replica ID to refer to a Notes database will not work, unless you manually add a rewrite rule for each and everyone of them. A worst practice at best, server configuration and applications need to be loosely coupled at all times.
  • Any of the many rewrite rules you would have to create mentioned above can potentially conflict with the internal working of another web server if you're in for some bad luck.

The solution

The solution to all of the above problems is amazingly simple and has been build into Apache since version 1.1: virtual hosts. Using virtual hosts you can redirect traffic to the right server using the domain, subdomain, IP or any pattern you can come up with. The remainder of this article explains a simple setup, which stacks multiple HTTP servers in a transparent way.

Configuring Domino

By default, the Domino HTTP task runs on port 80. Because Apache will take care of our incoming HTTP traffic on port 80, we need to adjust the Domino HTTP port to 81, or any other free port.

In order to set the Domino HTTP task to run on port 81, do the following:

  1. Open your server document in edit mode
  2. Go to the tab "ports", sub tab "Internet Ports", sub tab "Web".
  3. Fill out "81" in the field "TCP/IP port number".
  4. Save the server document
  5. Restart the HTTP task by entering "tell http restart" at the server console

Domino on port 81

Configuring Apache

This article will not explain how to install Apache. You can read all about it on apache.org. Installing Apache generally doesn't take longer than a few minutes and is straight-forward. Plus, by default, Apache runs on port 80, which is what we need.

To use Apache as a proxy and rewrite engine, we need to make sure the Apache server loads certain modules. Make sure that at least the following lines are in your Apache httpd.conf configuration file:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so

If these lines are already there, make sure you remove the "#" character in front of it. If they are not there at all, add them as above.

Note:The location of the load module lines within the Apache config file differs per version.

Apache virtual hosts

Now for the interesting part. In this case setup we have Domino running on port 81, Websphere on port 9001, and Apache on port 80. We like to reroute all traffic coming from domino.ferdychristant.com to the Domino HTTP task, all traffic from was.ferdychristant.com to the Websphere server, and all other traffic to the default server, which is the Apache document root. Furthermore, we obviously do not want to enter a URL with a port number, nor do we want users to bookmark a rewritten URL that includes a port number. In short, users should not enter or see a port number in any URL.

All of the above requirements can be implemented by simply adding the following lines to the Apache httpd.conf file:

<VirtualHost *>
ServerName domino.ferdychristant.com
ServerAlias *.domino.ferdychristant.com
RewriteEngine On
RewriteRule ^/(.*) \http://domino.ferdychristant.com:81/$1 [P]
</VirtualHost>
<VirtualHost *>
ServerName was.ferdychristant.com
ServerAlias *.was.ferdychristant.com
RewriteEngine On
RewriteRule ^/(.*) \http://was.ferdychristant.com:9001/$1 [P]
</VirtualHost>

We have defined two virtual hosts and rerouted two subdomains to the right server. In each virtual host definition, we can define the incoming URL pattern, as well as the rewrite rule that routes it to the right port, directory, (sub)domain or IP. The "[P]" behind each rewrite rule sets Apache to proxy the URL, which takes care of our requirement of transparent URLs without explicit port numbers. The following scheme shows how this works:

Apache Setup Scheme

  1. All incoming traffic on the box comes in at port 80.
  2. The Apache proxy/rewrite engine handles the incoming request and proxies it to the right web server/port.
  3. The appropriate web server handles the incoming request.
  4. The appropriate web server generates a response, if any. This response will arrive again at the Apache proxy engine who does a reverse proxy action on it.
  5. The response will be sent back to the user who requested it.

Conclusion

Using Apache's virtual hosts, you can redirect incoming traffic to the appropriate web server on your box, fail-safe, transparent for the end user, and with just one rewrite rule. Compared to the classic Domino & Apache setup, the only difference is that we separate incoming traffic by (sub)domain, IP, directory or hostname. With some proper URL management, you should be able to apply this technique in any situation.

No longer do you need to write new rewrite rules as soon as you need to deploy a new application on Domino, or when a new extension is introduced. No longer do you need to add rewrite rules for coping with the internal working of your web server, such as icon directories and such. No longer do you need to worry about potential URL conflicts between different web servers. Want to add a new server to the box? Simply add one virtual host entry. Summarized, this is as good as it gets.

Tip: Additionally, you can always refine your URL policy within Domino using the Internet configuration documents that came new in R6.

Resources

Share |

Comments: 25
Reviews: 8
Average rating: rating
Highest rating: 5
Lowest rating: 3

COMMENT: TED homepagerating

MAY 28, 11:36:39

comment » Finally I found a good and clear article about Apache and Domino! Keep up the good work.

groetjes

Ted «

COMMENT: DON CALLAWAY emailhomepagerating

AUG 4, 18:59:17

comment » I followed your link from Codestore. This is a nice article on using apache as your local server traffic cop.

Good job! «

COMMENT: SEAN rating

FEB 11, 04:42:29

comment » Another superb article! Now that I've got this set up and it's working just as expected, I'd like the default page to open a database. Apache is running on port 80 and Domino is running on port 81. The .nsf redirect works well and all .php/.htm pages behave just as described. Is there any way to tell Apache to open my blog.nsf database when users come to www.mydomain.com? I know this can be done with Domino when it is set at port 80, but now that Apache is "in control", I'm not sure how to proceed. Is this possible? «

COMMENT: FERDY

FEB 11, 07:20:23

comment » Sean, thanks for the compliments.

In fact, you can still use the regular Domino internet site documents in administrator to route your domain to the .nsf, even if Domino is running on port 81. That's how I have set it up. «

COMMENT: SEAN

FEB 11, 21:17:23

comment » Ferdy,

Forgive me, but I guess I don't understand how is accomplished. How can this be configured in Domino if Apache is routing the traffic? When typing in www.mydomain.com into the browser, Apache routes the user to Apache's webroot. Does Domino override this setting? Would you point me in the right direction or even explain it here? «

COMMENT: FERDY

FEB 11, 23:22:15

comment » Sean, no problem. Using the Apache rewrite rules, see examples above, you can tell Apache to redirect certain domains at another port. For instance you can redirect mydomain.com to port 81. If Domino is running on 81, and you have the proper internet site document configured, then voila. Does that make sense «

COMMENT: SEAN

FEB 11, 23:50:55

comment » Actually, it does make sense, but it didn't occur to me because I'm only using 1 domain. After I posted my message, I tried adding the VirtualHost code to my httpd.conf, which worked! www.mydomain.com points to www.mydomain.com:81. On the server document, I set the hompage to "/apps/blog.nsf". So now using the base URL will take the user to www.mydomain.com:81/apps/blog.nsf. This is great and exactly what I wanted. However, www.mydomain.com/photos no longer works. This section of the site is housed in Apache's webroot (which is using PHP/mySQL). Now with the VirtualHost redirect in place, Apache takes the user to www.mydomain.com:81/photos which doesn't exist.

I don't know if what I'm trying to do isn't possible or I'm not quite there yet. I think things would work before if I was using 2 seperate ServerNames. Although, I really don't want to do this. If I have to, I most certainly will, but I thought I could use www.mydomain.com for everything.

So, all I really want is for all .nsf files to redirect to port 81 and all .php/.htm files to redirect to port 80. I can get this to work, but having a Domino database set as the default homepage doesn't seem to work unless I use the VirtualHost redirect. When I use the VirtualHost redirect, something breaks. I don't think it makes a difference, but I'm using Domino 6.0.4...just thought I'd mention it.

Last but certainly not least, thanks for you time with all of this. I know it's driving me nuts, I can only imagine how you feel. «

COMMENT: PAUL emailhomepage

MAY 11, 17:15:32

comment » Hi Sean, what you could do is use a alias, now I haven't actually tested this, but I would assume the alias will come before the rewrite, so something similar to

Alias /icons/ "C:/Program Files/Apache Group/Apache/icons/"

Options Indexes MultiViews

AllowOverride None

Order allow,deny

Allow from all

may work.

I could be wrong though. «

COMMENT: RIGGERS emailhomepage

AUG 23, 16:15:03

comment » Hi, Excellent information. I have tried this on a Apache Reverse Proxy linked to a separate Domino.Doc server. I have a problem though when I switch on Session Authentication in Domino, the Domcfg.nsf login form shows up, but the authentication does not work and returns the form with the original server name. Any ideas ?????? «

COMMENT: ASHRAF

NOV 30, 03:10:56 PM

comment » sds «

COMMENT: ALASTAIR GRANT emailhomepagerating

JAN 28, 06:06:42 PM

comment » Hi, I'm trying to get this to work with multiple domains...

I want apache to route requests for

www.mydomain1.com --> [domino] -> /directory1/user.nsf

and

www.mydomain2.com --> [domino] -> /directory2/user.nsf

Then

www.mydomain1.com/vwView?openview will work

and also

www.mydomain2.com/vwView?openview will work

It seems that the first instance of is overiding the others...

Of course you can use the internet site documents in domino but then it wont hide the database path.

Any ideas? Maybe I need a apache guru!...

Thanks

Alastair 07 «

COMMENT: BILL email

JUL 12, 08:48:34 PM

comment » Read your article and as an Apache novice I have a question that I don't think has been asked. Here is the situation that I would like to do. We would have Apache running on our Web Server connected directly to the internet. On another server running Domino connected by an internal network I would like to have Apache pass Domino hits through to the Domino server say on 192.168.2.101

If this is possible what is the URL the web user is going to see? Will they see the 192.168.2.101? Also, will this process open any significant security holes? «

COMMENT: FERDY

JUL 13, 08:41:34 AM

comment » Bill,

I'm a novice myself, but I think if you use rewrite rules inside a virtual host, as discussed above, it will work just fine. You obviously will need to allow the Apache server to access Domino. I'm no security expert but I guess binding exclusively to its MAC address is an option. Security of Domino will then be just as good (or bad) as your Apache setup.

I hope that helped 12 «

COMMENT: MCL rating

AUG 9, 16:15:58

comment » Even IBM Support is pointing me to this site for configuration issues. Great work. «

COMMENT: PETER rating

JAN 11, 11:44:41 PM

comment » Excellent article, just what I was looking for.

One thing that I did find was when either of the servers did a re-direct the port name would re-appear in the address, and would then be blocked by our firewall.

After a bit of stuffing around I found the following worked

ServerName domino.ferdychristant.com

ServerAlias *.domino.ferdychristant.com

RewriteEngine On

RewriteRule ^/(.*) \http://domino.ferdychristant.com:81/$1 [P]

ProxyPassReverse / http://domino.ferdychristant.com:81/

ServerName was.ferdychristant.com

ServerAlias *.was.ferdychristant.com

RewriteEngine On

RewriteRule ^/(.*) \http://was.ferdychristant.com:9001/$1 [P]

ProxyPassReverse / http://was.ferdychristant.com:9001/ «

COMMENT: PETER

JAN 11, 11:48:58 PM

comment » Sorry, the formatting didn't really work in my previous comment...

Basically I just added the following line after the RewriteRule line:

ProxyPassReverse / http://domino.ferdychristant.com:81/ «

COMMENT: ROBERT LOZANO email

JUL 7, 11:18:07 PM

comment » Thanks to this article we managed to use XML-RPC calls through the browser to fill comboboxes in a form. Thing is that IE7 or Firefox will not let you make a call to another host for security reasons. This really saved our day. Initially we were testing the jsolait solution in IE6. It worked perfectly fine. Until we tested it again using Firefox 2 and IE7. Then we started to panic. Using this approach the browser never finds out its connected to different hosts through a proxy http server. Great work «

COMMENT: JOE

JUL 20, 04:56:35 PM

comment » Hi Ferdy,

thanks for the great article, even 3 years later :)

Note that all this can be used instead of mod_jk to connect Apache and Tomcat. It seems that mod_jk is a bit faster, but your way is easier to configure since mod_proxy is now part of the default installation. «

COMMENT: KEVALA emailhomepagerating

OCT 9, 05:54:50 AM

comment » i can't find collection of u'r architecture design of u'r own?

but u hav work a good job to create u'r own web, its nice «

COMMENT: ARCHIE email

APR 19, 2008 - 04:30:25 AM

comment » Really good article. Thanks.

Have you ever tried utilizing the Redline/Juniper DX series device to connect to a DWA infrastructure ? If, I'd be curious to know if you were able to get it to work and how.

Again, great writing on this. «

COMMENT: LUC emailhomepage

OCT 31, 2008 - 11:09:01

comment » Very good, but i have a problem with the rewrite rules !

I have several internet site documents in domino

ie : webmail.top-infogerance.com

www.top-infogerance.com

audescendeur.top-infogerance.com

and so...

I create m' virtual hosts as this

ServerName www.top-infogerance.com

ServerAlias www.top-infogerance.com

RewriteEngine On

RewriteRule ^/(.*) \http://www.top-infogerance.com:81/$1 [P]

ServerName webmail.top-infogerance.com

ServerAlias webmail.top-infogerance.com

RewriteEngine On

RewriteRule ^/(.*) \http://webmail.top-infogerance.com:81/$2 [P]

but it is always redirecting on the first one ?

Could you please help me

Thks & Rgds

Luc «

COMMENT: MATT emailhomepage

APR 15, 2009 - 10:50:59

comment » I have exactly the same problem as the guy above. Apache keeps using the first virtual host entry. I am using apache 2.2 «

COMMENT: APM

JUN 2, 2009 - 22:04:38

comment » Hi, Great article - even here in 2009.

Is it possible to go the other way.

ie Put Domino on port 80 (ie default http) and then pass over specific domains to apache on a different port (say 81)

thanks in advance «

COMMENT: KOANI

AUG 18, 2009 - 13:34:39

comment » Excellent guide. After I did not undestand the guide at apache.org, I found this site. Great job, you made my day! «

COMMENT: HOME emailhomepagerating

APR 10, 2014 - 13:11:01

comment » Very interesting.I'm new in this things about apache and I had a lot of problems with my hosting....Anyway I come from Codestore on your website and is just great information «

RATE THIS CONTENT (OPTIONAL)
Was this document useful to you?
 
rating Awesome
rating Good
rating Average
rating Poor
rating Useless
CREATE A NEW COMMENT
required field
required field HTML is not allowed. Hyperlinks will automatically be converted.