Understanding Internet site documents on Domino® servers
Internet site documents are used to configure the Internet protocols supported by Domino® servers.
A separate Internet site document is created for each protocol -- Web (HTTP), IMAP, POP3, SMTP Inbound, LDAP, and IIOP -- which is then used to provide protocol configuration information for a single server, or for multiple servers in a Domino® organization. Specifically, in the Internet sites view of the Domino® Directory, you can create the following:
- Web Site documents
Create a Web site document for each Web site hosted on the Domino® server.
Enable or disable HTTP methods on the Domino Web server.
If applicable in your environment, you can enable specific services that are handled by Domino Access Services.
- LDAP Site documents
Create an LDAP site document for LDAP protocol access to an organization in a directory.
- IMAP, POP3, and SMTP Site documents
Create an individual Internet site document for each mail protocol for which you enter an IP address.
- IIOP Site documents
Create an IIOP Site document to enable the Domino® IIOP (DIIOP) task on the server. This task allows Domino® and the browser client to use the Domino® Object Request Broker (ORB) server program.
Internet site documents make it easier for administrators to configure and manage Internet protocols in their organizations.
You must use Internet site documents if you:
- Want to use Web-based Distributed Authoring and Versioning (WebDAV) on a Domino® Web server.
- Have enabled TLS on your server and want to use Certificate Revocation Lists to check the validity of Internet certificates used to authenticate with the server.
- Use a service provider configuration on your server (see the section "For service providers only" later in this topic).
The Domino® server is configured to use Internet site documents if the option Load Internet configurations from Server\Internet sites documents is enabled on the Basics tab of the Server document. If the option is not enabled, the server defaults to Server document settings to obtain configuration information for Internet protocols.
Internet site documents are designed to be used as follows:
- For any incoming connection, Internet site documents, Certifier documents and Global Domain documents are used to determine which organization (certifier) is associated with the target IP address. In a Domino® configuration, all incoming IP addresses usually map to the top-level certifier.
- For a specific organization and a specific protocol and a specific server, the Internet site document is used to determine which authentication controls are to be applied.
When you enter a Host name or IP address in an Internet site document, you do not gain control over which authentication controls are applied according to the IP address the user connects to. Instead, the first Internet site document located for the server and the organization is used. As a result, except for Web Site documents, you should have only one Internet site document for each organization, protocol, and server combination.
For example, do not do the following:
Server A has two IP addresses and you create the following two Internet site documents for POP3:
- One Internet site document for one IP address with no TLS allowed
- One Internet site document for another IP address, with TLS allowed.
The IP address is used to determine the organization and both Internet site documents apply to the same organization. The first Internet site document that matches the server and the organization is used, in this case, the Internet site document that does not allow TLS.
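The following audit sketch is an added example, not code from the Domino documentation. It applies the first-match rule described above to a constructed export of site documents and flags every organization, protocol, and server combination where a second document would be silently ignored. The dictionary keys, document names, and the use of list order as the lookup order are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. The dictionary keys are hypothetical names for this
# example, not Domino field names. List order stands in for the order in which
# the server locates the documents (an assumption; the page does not define it).
SITE_DOCS = [
    {"name": "POP3 no TLS", "org": "Acme", "protocol": "POP3",
     "servers": ["ServerA/Acme"], "hosts": ["192.0.2.10"], "tls": False},
    {"name": "POP3 TLS", "org": "Acme", "protocol": "POP3",
     "servers": ["ServerA/Acme"], "hosts": ["192.0.2.11"], "tls": True},
    {"name": "Web main", "org": "Acme", "protocol": "Web",
     "servers": ["ServerA/Acme"], "hosts": ["www.example.com"], "tls": True},
    {"name": "Web shop", "org": "Acme", "protocol": "Web",
     "servers": ["ServerA/Acme"], "hosts": ["shop.example.com"], "tls": True},
    {"name": "IMAP", "org": "Acme", "protocol": "IMAP",
     "servers": ["ServerA/Acme", "ServerB/Acme"], "hosts": ["192.0.2.10"], "tls": True},
]


def find_shadowed_site_docs(docs):
    """Report (organization, protocol, server) combinations with more than one
    non-Web site document, where only the first document is applied."""
    groups = defaultdict(list)
    for doc in docs:
        if doc["protocol"] == "Web":  # multiple Web Site documents are expected
            continue
        for server in doc["servers"]:
            groups[(doc["org"], doc["protocol"], server)].append(doc)

    findings = []
    for key, group in groups.items():
        if len(group) < 2:
            continue
        effective, ignored = group[0], group[1:]
        findings.append({
            "key": key,
            "effective": effective["name"],
            "effective_tls": effective["tls"],
            "ignored": [d["name"] for d in ignored],
            # Most serious case: the ignored document was meant to change TLS.
            "tls_conflict": any(d["tls"] != effective["tls"] for d in ignored),
        })
    return findings


if __name__ == "__main__":
    for f in find_shadowed_site_docs(SITE_DOCS):
        print(f)
```

A finding with `tls_conflict` set means the TLS setting an administrator expects on one IP address is not the one the server applies.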
Modifications to Internet site documents (including the creation of new Site documents) are dynamic. The server or protocol does not need to be restarted after you create a new Site document, or after you modify or delete an existing one. Changes generally take effect minutes after the change is made.
Internet site documents are created in the Internet sites view, which is used to help manage Internet protocol configuration information by listing the configured Internet site documents for each organization in the domain.
While most protocol settings are configured in Internet site documents, there are some settings that need to be configured in the Server document to support Internet protocol configurations. These include settings for:
- Enabling and configuring the TCP/IP port.
- Enabling and configuring the TLS port (including redirecting TCP to TLS).
- Accessing the server -- such as who can access the server and how.
Setting up Internet site documents on a Domino® server
Do the following to set up basic Internet site functionality on a Domino® server.
- Create Internet site documents for the Internet protocols you want to use.
- Set up security for each Internet site document.
- Enable Internet site documents on the server.
For service providers only
Internet site documents are required for hosted organizations. These documents control each hosted organization's use of Internet protocols. A hosted organization can only use an Internet protocol if the hosted organization has an Internet site document for that protocol. A shared IP address may be used for all hosted organizations, or unique IP addresses may be set up for each hosted organization. Internet site documents link IP addresses to the individual hosted organizations for each Internet protocol.
When registering hosted organizations, you have the option to create Internet site documents during hosted organization registration, or you can choose to create them later.
Service providers need to consider the following when using Internet site documents:
- Each hosted organization has one Web Site document that can be created during hosted organization registration. You must create this initial Web Site document to activate the HTTP protocol. If you have multiple Web sites, you need one individual Web Site document for each additional Web site for each organization.
- You must create one mail protocol Site document (IMAP, POP3, or SMTP) for each protocol used by each organization.
- In a hosted environment, Domino® IIOP (DIIOP) can use the information in the IIOP Internet site document to define the scope of the Domino® Directory used to validate users. With DIIOP, you can use any Java™ code running on any server on the network.
- If your configuration has one IP address that is shared by multiple hosted organizations, HTTP, IMAP, LDAP, POP3, and SMTP are the available protocols. For IMAP, LDAP, POP3, and SMTP users, the name provided during authentication must be the user's Internet e-mail address, so that the server knows the organization of which each user is a member. Anonymous access to LDAP is not supported in this configuration.
- To enable TLS for a hosted organization, you must enter the server IP address in the field Host names or addresses mapped to this site on the Basics tab of the Internet site document.