Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed


DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month

Daniel Nashed  31 May 2022 17:36:00

Image:DACHNUG - Domino 12.0.2 Lab @DNUG Conference next monthImage:DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month

The DNUG focus groups for Domino, Administration and Communications have been very active in the last two years.

Even we had no conference we had full day events and also remote handls-on workshops.

The communications team did a hands on ST workshop and created their own environment to be used by DNUG and also a lab environment with k3s.
The Domino group had a couple of workshops as well. The topics I covered in full day hands-on workshops have been Domino on Docker & K8s, Domino Certificate Manager and Domino Backup.
Each of them have been a lot of work, but also a lot of fun. And we really want to leverage what we did for all members.

Hetzner Cloud based lab environment

We are using the Hetzner cloud -- a great way for us to host on-line workshops.

The Notes database I built around the Hetzner Cloud and DNS API to build lab environments can be used by all members for their workshops.
The database we use has been show-cased by HCL for the Domino 12.0 launch event and allows to to setup any number of servers in minutes.
Since then we used it multiple times in different DNUG focus groups and I am offering the database for free for any user group for hands-on workshops.

DNUG Domino 12.0.2 EAP full featured Lab for DNUG conference

For the upcoming conference next month we came up with a new idea.
We always wanted a full lab environment for our members to look into for new functionality and best practices.
Now that Domino 12.0.2 Early Access 1 shipped, I created a new server cluster with a Linux and Windows machine as the base.

All my presentations will be prepared using this new cloud. Both servers have been setup with OneTouch setup.

The Linux box runs on CentOS Stream 9 on Podman in a container leveraging the HCL Domino Community container image project along with my start scripts.
The server have been deployed on Hetzner with my lab setup database. This includes generation of template JSON files for One-Touch setup.

We are planning to show-case everything that Domino 12.0 - 12.0.2 has shipped on the server side.
But also existing features like ID-Vault used for SAML integration and new features like TOTP.

You can expect a best practices implementation also enabling new features like CertMgr, Domino backup VSS Writer integration with Veeam. S3 Mino backup, DKIM, and much more.
All the security features will be in my presentations at DNUG. And I will use this implementation as a reference as well.

Nomad and SafeLinx planned

Beside that the admin team will help me to setup SafeLinx for Nomad web. And we already have Antivirus with ICAP enabled.

ICAP Antivirus Domino 12.0.2 Lab

Ulrich Krause ( just finished a very nice lab environment for ICAP using ClamAV.
And I took his setup and put it behind a NGINX for proper TLS termination with a ECDSA wild card certificate from Let's Encrypt, requested by CertMgr...

I could continue to list all the new features I have already implemented and which we will add before the conference.
This includes also Linux best practices and SSH configuration with ed25519 keys and fail2ban integration into Domino and a SafeLinx VPN to protect the Windows server.

You will recognize many of the deployment patterns and ideas I posted over the last two years.
And I plan to bring all to life in this demo environment, which we plan to continue to support and have available for all members as a test lab in future.

For the upcoming conference, this will be a great full featured demo place to show the features in Domino 12.0.x :-)
If we find some spot in the agenda we could also present how this is being build and what others can reuse for their own lab environments.

I hope to finally meet many of you in person again!
And I am really looking forward to the first German speaking conference since a long time!

-- Daniel

Image:DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month

Image:DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month


1Peter  02.06.2022 8:31:48  DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month

I really like the idea of using Icap.

But a useful antivirus supporting ICAP is yet to be found. Clamav projects providing bettern pattern seem to be dead.

2Daniel Nashed  02.06.2022 19:12:28  DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month


ICAP and ClamAV are two completely different animals.

There is a c-icap project that allows you to use ClamAV.

But that's not what HCL wants to use for ICAP integration.

It's more about the professional ICAP vendors like Trend Micro and McAfee, which are supporting their engines over ICAP.

I have tested both already with Domino 12.0.2 EAP1 natively.

For some customers and partner still ClamAV is a good aditional option.

It also supports heuristics and could scan MIME.

But yes I agree ClamAV is not the best solution. It is still the open source antivius application on the market.

-- Daniel

3Peter  03.06.2022 9:31:14  DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month

As a TrendMicro customer, I don't see any local product supporting icap that really gets development and I would really like to use. Other vendors do not seem to be much better.

4Daniel Nashed  03.06.2022 16:54:24  DACHNUG - Domino 12.0.2 Lab @DNUG Conference next month

Peter, can you please contact me offline about the ICAP feedback!

I really would like to understand it. Trend Micro has a Web security gateway, which supports ICAP.

Same as McAfee. And I am about to look into offerings from other partners as well.

-- Daniel



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]