Apache – Proxy Reverso para IBM Domino

Neste post estarei apresentando como criar um Proxy Rever para o IBM Domino , o foco desse post é a configuração do Apache e não a configuração do ambiente IBM Domino.

iiNotesRedirectArch1

1) Módulos necessários :

LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

2) Configuração de HTTPs com diversos servidores domino no ambente :

 <VirtualHost webmail.example.com:443>
ServerName webmail.example.com
DocumentRoot "/Dir/domino/"
         <Directory "/Dir/domino/">
             AllowOverride none
           Require all granted
         </Directory>

# Configuracao do Apache para usar chave SSL
SSLEngine on
        SSLProtocol all -SSLv2
        SSLHonorCipherOrder on

# Chaves  HTTPS Webmail
        SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
        SSLCertificateFile "/dir/example.crt"
        SSLCertificateKeyFile "/dir/example.key"
        SSLCertificateChainFile "/dir/example.crt"

# Configuracao Geral
        RewriteEngine on
        SSLProxyEngine on
        ProxyRequests off
        ProxyPreserveHost On

# Cookies remover apos logout
RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=.*
RewriteCond %{QUERY_STIRNG} ^Logout
RewriteRule ^/.* - [R=301,CO=iNotesServer:INVALID:;:-1]
#RewriteRule ^/.* - [R=301,CO=iNotesServer:gateway:example.com:1]


# Lendo o nome do servidor domino para primeiro acesso do diretorio mail
RewriteCond %{REQUEST_URI} ^/(.*)/mail
#RewriteRule /(.*)/mail(.*) /mail/$2 [QSD,R,L,CO=iNotesServer:$1:hands-on.local]

#Teste do Suporte APP
RewriteRule /(.*)/mail/(.*) http://$1.example.com/mail/$2 [P,CO=iNotesServer:$1:example.com]


# Setando cookies 
RewriteCond %{REQUEST_URI} ^/domjs [OR]
RewriteCond %{REQUEST_URI} ^/domjava [OR]
RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iwaredir.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iNotes [OR]
RewriteCond %{REQUEST_URI} ^/icons [OR]
RewriteCond %{REQUEST_URI} ^/mail [OR]
RewriteCond %{REQUEST_URI} ^/archieve [OR]
RewriteCond %{REQUEST_URI} ^/download [OR]
RewriteCond %{REQUEST_URI} ^/dwa(.*)
RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=([^;]+)
RewriteRule /(.*) balancer://%1/$1 [P,L]


# Se nao reconhecer o primeiro acesso no iwaredir.nsf
RewriteCond %{REQUEST_URI} ^/favicon.ico [OR]
RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iwaredir(.*) [OR]
RewriteCond %{REQUEST_URI} ^/names.nsf [OR]
RewriteRule /(.*) balancer://DEFAULT/$1 [P]


#DATABASE01
 <Proxy balancer://DATABASE01>
BalancerMember http://database01.example.com:80/
 </Proxy <

#DATABASE02
 <Proxy balancer://DATABASE02>
BalancerMember http://database02.example.com:80/
 </Proxy <

#DATABASE03
 <Proxy balancer://DATABASE03>
BalancerMember http://database03.example.com:80/
 </Proxy <

ProxyPass / balancer://DEFAULT
ProxyPassReverse / http://domino1.example.com
ProxyPass / balancer://DATABASE01
ProxyPassReverse / http://database01.example.com
ProxyPass / balancer://DATABASE02
ProxyPassReverse / http://database02.example.com
ProxyPass / balancer://DATABASE03
ProxyPassReverse / http://database03.example.com

# Log Definition -  Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel debug
        LogFormat "%h %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" access
        CustomLog "||/bin/rotatelogs -c /dir/logs/access_prd.log.%Y%m%d 86400" common
        ErrorLog "||/bin/rotatelogs -c /dir/logs/error_prd.log.%Y%m%d 8640"
        ServerSignature off
 </VirtualHost>

2) Criação de regra de redirecionamento de http para https :

 <VirtualHost webmail.example.com:80>
        ServerName webmail.example.com
        DocumentRoot "/dir/htdocs"

# Encaminhando http para https
RewriteEngine on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

# Log Definition -  Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel debug
        LogFormat "%h %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" access
        CustomLog "||/bin/rotatelogs -c /dir/logs/access_prd.log.%Y%m%d 86400" common
        ErrorLog "||/bin/rotatelogs -c /dir/logs/error_prd.log.%Y%m%d 8640"
        ServerSignature off

 </VirtualHost>

3) Considerações finais :

Caso seu ambiente tenha mais de um servidor respondendo para uma database a configuração pode ser mantida da seguinte forma :

 <Proxy balancer://DATABASE01>
BalancerMember http://database-01.example.com:80/
BalancerMember http://database-02.example.com:80/
 </Proxy>

ProxyPass / balancer://DATABASE01/

Referência :
http://stephankopp.net/2015/09/24/meine-sessions-auf-dem-admincamp-2015/