HCL Nomad Web w/o HCL SafeLinx

Thursday, July 21, 2022 at 5:02 AM UTC

It's been 3 weeks since I tried Daniel Nashed's implementation to the community container project to install SafeLinx in a container - including Nomad Web. That was pretty easy once you managed the certificate part.

Now with the latest drop 3 of Domino 12.0.2 HCL also released the first beta of Nomad which runs as a Domino add-on - without SafeLinx at all.

Installation couldn't be easier. It's just like you do when you want to add Domino Leap (fka Domino Volt) on your existing Domino server.

To start your tests you need at least a Domino server 12.0.1FP1 running on Linux or Windows. Just copy over the tar/zip to the binary folder of your server and unpack it there - done. The other prerequisites are: a working ID Vault and a valid SSL certificate.

Domino in a container

I guess it's just a question of hours until Daniel integrates this new Nomad flavour into the community project, too. Until then you have to install the Nomad files manually into your container. Be aware: if you edit or redeploy your container the Nomad integration will be lost. To prepare your existing container, please make sure that port 9443 is exposed along with the usual suspects like 1352, 80, 443 etc. depending of what services you already expose from the server. Since you have to restart the container (i.e. the server), it's the best time to also define the Nomad hostname in your notes.ini file. In a Domino console just type this command:

set config NOMAD_WEB_HOST=mynomad.example.com

Replace the hostname with your hostname of this machine.

Install Nomad manually to your container

Grab the tar file for your Domino server version. In my case the container is based on the image of 12.0.1 with FP1. Then it's just a matter of 2 commands in the terminal:

docker cp -a nomad-server-105-beta-domino-linux-1201.tgz <CONTAINER>:/opt/hcl/domino/notes/latest/linux

docker exec -it -u 0 <CONTAINER> tar xvf /opt/hcl/domino/notes/latest/linux/nomad-server-105-beta-domino-linux-1201.tgz --directory /opt/hcl/domino/notes/latest/linux

The first command copies the tar file over to the binary folder of the Domino server. The second just unpacks the tar file in that same folder.

Replace <CONTAINER> with the actual name of your Domino container.

Now you can start Nomad with

load nomad

on the server console. You should see a few messages that confirm that Nomad is running now.

Testing Nomad

Open a browser and navigate to your host using https and the port 9443. This is the default port where the Nomad task will listen. The browser will ask you to allow notifications for this website (allow that) and then you can login.

Have fun!

Latest comments to this post

Damien Soward wrote on 16.08.2022, 08:36

Edit for post below.

It was a simple matter of just using pass through on port 9443 without any HTTPS termination or offloading.


 Link to this comment
Damien Soward wrote on 16.08.2022, 07:53

Thanks Oliver (and Daniel), I got everything working just fine on the Domino server, once I got up to speed with certstore.nsf.  This is my first look at nomad for web and it is impressive (notwithstanding a bug I found with LSconst.lss)

I am now trying to put it behind HaProxy (similar to say Nginx), I have tried to port forward using TCP and port 9443 and I have also tried use TLS at the proxy end and send it through. I get nothing back from the Domino server or a bad gateway problem.

I am sure there is something simple I am missing here.

Is there any documentation for this latest Domino/Nomad version? Any guidance on how to port forward etc. Is it expecting a secure https connection prior to forwarding to port 9443?




 Link to this comment
Martijn de Jong wrote on 21.07.2022, 21:55

I'm pretty sure that you could include this in the install.sh script in the build_image directory (see https://blog.martdj.nl/2021/12/06/domino-docker-explained-part-6-creating-your-own-customisations/). That way, you could create your own custom image with Nomad web server, so you don't lose it if you remove the container.

One the one hand, I'd love to describe how to do it, but I know that by the time I'm done, Daniel will have included it in his domino-container script as a simple parameter which will do all the work, so it feels a bit pointless.

 Link to this comment
Daniel Nashed wrote on 21.07.2022, 12:41

Would make a lot of sense to integrate it, as noted in my blog post.

I would stay with the default port and if building with the +nomad option, I would also add the port to the exported ports automatically for the image.

Currently changing the port would be creating a YML file and writing it.

This might still change in future. So I am not planning to add support to managing the YML file in a beta.

But copying could be another option. Or mounting it ...


 Link to this comment

Leave a comment right here