Using the Nomad server on Domino behind a reverse proxy / load balancer

You can use the Nomad server on Domino behind a proxy functioning as a reverse proxy, load balancer, or both.

The communication between the proxy and Nomad server on Domino can either be over HTTPS (the default) or HTTP. HTTPS on the Nomad server on Domino is setup the same way as if the proxy was an HCL Nomad client. HTTP on the Nomad server on Domino requires the "trustProxy" and "httpPort" Configuration options for the Nomad server on Domino to be modified.

If the proxy is load balancing requests across more than one Nomad server on Domino, sticky sessions must be enabled to ensure requests for a particular client get routed to the same Nomad server on Domino. Whenever the client's request gets routed to a different Nomad server on Domino, the client will have to log in again, so you want to minimize the changes between Nomad servers.

Note: You must ensure that the web socket connections are upgraded by the proxy and not left as-is to be upgraded by the Nomad server on Domino.
The following is an NGINX sample config:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
  listen 443 ssl;
  server_name nomad.example.com;
  ssl_certificate /run/secrets/chain.pem;
  ssl_certificate_key /run/secrets/server.key;
  location / {
# If using HTTP between the proxy and the Nomad server on Domino,
# change https:// to http:// and the port number from 9443 to whatever port
# Nomad server on Domino is configured to use ("httpPort" configuration option).
    proxy_pass https://domino.example.com:9443;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto https;
  }
  location /nrpc-wss {
# If using HTTP between the proxy and the Nomad server on Domino,
# change https:// to http:// and the port number from 9443 to whatever port
# Nomad server on Domino is configured to use ("httpPort" configuration option).
    proxy_pass https://domino.example.com:9443/nrpc-wss;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
# If you want to load balance across multiple Nomad servers, specify the
# upstream section with ip_hash to achieve session stickiness.
  upstream domino.example.com {
    ip_hash;
    server domino1.example.com;
    server domino2.example.com;
    server domino3.example.com;
  }
}
Note: The "example.com" host names, SSL certificates, and port numbers should be replaced with your specific information.