Adding a Nomad server resource
Add a Nomad server resource for HCL Nomad.
About this task
When a Nomad request to a Domino server is found, SafeLinx uses the information in the authentication profile to query the requested Domino servers canonical name via LDAP and use the resulting fully-qualified domain name (FQDN) returned for that server to establish a TCP connection.
Procedure
-
From the SafeLinx Administrator, in the Resources tab,
select . Right click, then select .
-
Configure the Nomad server.
- Specify the service URL that end-users will use to access Nomad web (eg. "https://nomad.example.com"). This name can differ from the hostname of the SafeLinx server.
- As Nomad server requires https, the "TCP port to listen on" is 443.
- Specify the prepared keystore in the "PKCS12 keystore file" field. Relative paths start in the SafeLinx binary directory
- Enter the password for the private key stored in the pkcs12 file in the "Keystore password" field
- Leave "Current state" on "active" to automatically start the Nomad server
-
Add Application server URLs.
- For the "Authentication Profile" select the authentication profile you defined during Creating the authentication profile for Nomad server.
- For the "Session COOKIE domain", use the DNS domain part of the hostname
you used for "Service URL" in the previous screen. In this example, it's
example.com
.
Additionally, the minimum necessary data entry for this form is the mapping for the Nomad web static files. Depending on the deployment option you chose in Hosting the Nomad for web browsers static web files the values you have to enter might differ.Note: The Nomad web static files are needed only if you use Nomad for web browsers. They are not needed if you only use Nomad on iOS or Android.With the "Application Server URL"s entries described in the following, you instruct SafeLinx/Nomad server to respond to HTTPS requests starting with
/nomad
by either returning the files from the local directory or pass the http request on to the Domino HTTP server in the backend.The keyword designation "NOMAD" signals to the underlying SafeLinx server to interpret the defined application server as belonging to "Nomad". See URLs with keyword designations in the HCL SafeLinx documentation for details.
Specify application server URLs in the following format:[ <KEYWORD> | <Map> ] URL
For the Nomad Web static files this would generally be:NOMAD /nomad URL
- Nomad Web static files:
- VIA SAFELINX LOCAL FILES
In this case, the URL part of the "Application Server URL" always starts with the
file://
protocol, followed by the full path to the directory containing thenomad
directory you created earlier.- Linux
If you followed the instructions for Linux in Hosting the static web files on SafeLinx you need to add a line similar to this to the Nomand server configuration as a "Application Server URL"
NOMAD /nomad file:///srv/hcl
. If you decided on a different path for your Nomad static files, modify the statement accordingly. - Windows
If you followed the instructions for Windows in Hosting the static web files on SafeLinx you need to add a line similar to this to the Nomand server configuration as a "Application Server URL"
NOMAD /nomad file://C:/hcl
. If you decided on a different path for your Nomad static files, modify the statement accordingly.
- Linux
- VIA DOMINO HTTP SERVER
If you followed the instructions for Windows in Hosting the static web files on a Domino HTTP server you need to add a line similar to this to the Nomand server configuration as a "Application Server URL"
NOMAD /nomad http://domino12cent8.example.com/
. If you decided on a different path for your Nomad static files, modify the statement accordingly.
- VIA SAFELINX LOCAL FILES
- Add Domino Server mappings (optional)
- If Domino and Domino LDAP are configured correctly, no further entries are needed in "Application Server URL" form.
- You can optionally add the Domino name and FQDN of any Domino server that cannot be resolved through lookups in the Domino LDAP server defined earlier for authentication.
- You can optionally add the Domino name and FQDN of any Domino server for users that do not have an home mail server defined.
Use the following format for the entries:NOMAD CN=Domino9Apps/OU=SRV/O=EXAMPLE/C=XP nrpc://mydominoapplicationserver.example.com:1352
Where
mydominoapplicationserver.example.com
is the FQDN (or IP address) of the Domino serverDomino9Apps
specified in the following example.
-
Configure HTTP response headers.
In the SafeLinx Administrator Client, navigate to the Resources tab, expand the SafeLinx Server and then right-click on the Nomad Web Proxy you just configured. In the popup-menu, select Properties. In the window that opens, select the Server tab. Edit HTTP header tokens that should use for files to configure the required HTTP headers corresponding to the files and Additional HTTP headers to include sections to update the preconfigured optional HTTP headers (in all responses). For HTTP header tokens that should use for files, entries should include filename and headers token and should be separated by a space (' ').
-
Verify that Nomad server is running.
In the SafeLinx Administrator Client, navigate to the Resources tab, expand the SafeLinx Server and then right-click on the Nomad Web Proxy you just configured. In the popup-menu select Properties. In the window that opens, select the General tab and scroll to the bottom of the page. The field
Current state
should be showing "active".On the command line of the SafeLinx server, you can issue to following command as root to query the status of the Nomad server:lswg -s hcl-wlNomad -L -F cn:state -l cn=nomad-web-proxy0,cn=safelinx.example.com,o=nwp
Which will give you a result similar to this:dn: cn=nomad-web-proxy0,cn=safelinx.example.com,o=nwp cn: nomad-web-proxy0 state: 0
A value of "0" for "state" corresponds to "running". For your server, you will have to replace
safelinx.example.com
with the name of your SafeLinx/Nomad server installation.