Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Nomad Server 12.0.2 on Linux just works

Daniel Nashed – 20 July 2022 16:42:39

The Nomad Server is a small component that you install on your Domino server.

It is bundled with the Nomad Web files, so it is an all-in-one server add-on solution.


The installation sounds more complicated than it is.

It's really simple to install. And I am thinking about making it an install option for the Domino community container image.


Here is the official documentation:
https://help.hcltechsw.com/nomad/beta/nomadweb/index.html

But let me summarize the main points:


  • Just expand the tar into your Domino server binary directory
  • You need to have a proper cert! A self-signed certificate will not work
  • But the Nomad Server team added support for CertStore TLS Credentials
    When you specify a lookup hostname like NOMAD_WEB_HOST=myhost.mydomain.com, the Nomad Server will find the TLS Credentials document
  • After that, you can just "load nomad" to get the server started
  • By default, it will listen on port 9443
  • There is a yml file where you could specify a different port and a couple of other settings


You can use Let's Encrypt certificates or the manual flow to create a CSR and get a certificate.

If you are behind a reverse proxy, you could also use a MicroCA cert.


Your certificate must be trusted in your browser.


Exporting the root certificate of your Domino MicroCA would be a valid approach for a local test server.

But usually, you should get a proper cert.


The lookup of the cert is based on the hostname. A wildcard certificate would work. You just need to specify the wildcard name.


Current limitation: The hostname can only exist once. So if you have the same name for two certificates, the lookup will fail in the first beta build.


Once the server is running, you can access it via:


https://myhost.mydomain.com:9443

One requirement is ID Vault. But that's not new to the Nomad Server.


Of course, you could have an NGINX in front of it using SNI on port 443 for the same IP address.

I posted a sample configuration recently for the SafeLinx community container. You will need some specific config for web sockets.


Example reference:
https://github.com/HCL-TECH-SOFTWARE/domino-container/blob/main/examples/safelinx/nginx.conf

But this is an extra option, which you will not need. It also works well with the separate port.
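
For readers who do want the reverse proxy, here is a sketch of an NGINX virtual host for it. This is an added example, not the SafeLinx sample linked above and not HCL's configuration. It assumes Nomad runs on the same machine on the default port 9443; the certificate paths and the one-hour timeout are placeholders chosen for illustration.

```nginx
# Added example (goes inside the http { } context, e.g. a conf.d file).
# Assumptions: host name from the post, placeholder certificate paths,
# Nomad Server reachable on 127.0.0.1:9443.

# Only send "Connection: upgrade" when the client actually asked for it.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name myhost.mydomain.com;   # SNI/Host name selects this block

    # Browser-facing certificate: must chain to a CA the browser trusts.
    ssl_certificate     /etc/nginx/tls/myhost.fullchain.pem;   # placeholder
    ssl_certificate_key /etc/nginx/tls/myhost.key;             # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://127.0.0.1:9443;

        # WebSocket support: HTTP/1.1 plus the hop-by-hop upgrade headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;

        # Verify the Nomad certificate instead of accepting anything.
        # With a MicroCA cert on Nomad, trust the exported MicroCA root here.
        proxy_ssl_server_name         on;
        proxy_ssl_name                myhost.mydomain.com;
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/microca-root.pem;  # placeholder

        # WebSockets are long-lived; the 60s default would drop idle sessions.
        proxy_read_timeout 1h;   # assumed value
        proxy_send_timeout 1h;   # assumed value
    }
}
```

With `proxy_ssl_verify on`, the MicroCA certificate only has to be trusted by NGINX, while browsers see the publicly trusted certificate on port 443.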


-- Daniel
