Neste post estarei apresentando como criar um Proxy Rever para o IBM Domino , o foco desse post é a configuração do Apache e não a configuração do ambiente IBM Domino.
1) Módulos necessários :
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
2) Configuração de HTTPs com diversos servidores domino no ambente :
<VirtualHost webmail.example.com:443>
ServerName webmail.example.com
DocumentRoot "/Dir/domino/"
<Directory "/Dir/domino/">
AllowOverride none
Require all granted
</Directory>
# Configuracao do Apache para usar chave SSL
SSLEngine on
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
# Chaves HTTPS Webmail
SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
SSLCertificateFile "/dir/example.crt"
SSLCertificateKeyFile "/dir/example.key"
SSLCertificateChainFile "/dir/example.crt"
# Configuracao Geral
RewriteEngine on
SSLProxyEngine on
ProxyRequests off
ProxyPreserveHost On
# Cookies remover apos logout
RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=.*
RewriteCond %{QUERY_STIRNG} ^Logout
RewriteRule ^/.* - [R=301,CO=iNotesServer:INVALID:;:-1]
#RewriteRule ^/.* - [R=301,CO=iNotesServer:gateway:example.com:1]
# Lendo o nome do servidor domino para primeiro acesso do diretorio mail
RewriteCond %{REQUEST_URI} ^/(.*)/mail
#RewriteRule /(.*)/mail(.*) /mail/$2 [QSD,R,L,CO=iNotesServer:$1:hands-on.local]
#Teste do Suporte APP
RewriteRule /(.*)/mail/(.*) http://$1.example.com/mail/$2 [P,CO=iNotesServer:$1:example.com]
# Setando cookies
RewriteCond %{REQUEST_URI} ^/domjs [OR]
RewriteCond %{REQUEST_URI} ^/domjava [OR]
RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iwaredir.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iNotes [OR]
RewriteCond %{REQUEST_URI} ^/icons [OR]
RewriteCond %{REQUEST_URI} ^/mail [OR]
RewriteCond %{REQUEST_URI} ^/archieve [OR]
RewriteCond %{REQUEST_URI} ^/download [OR]
RewriteCond %{REQUEST_URI} ^/dwa(.*)
RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=([^;]+)
RewriteRule /(.*) balancer://%1/$1 [P,L]
# Se nao reconhecer o primeiro acesso no iwaredir.nsf
RewriteCond %{REQUEST_URI} ^/favicon.ico [OR]
RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iwaredir(.*) [OR]
RewriteCond %{REQUEST_URI} ^/names.nsf [OR]
RewriteRule /(.*) balancer://DEFAULT/$1 [P]
#DATABASE01
<Proxy balancer://DATABASE01>
BalancerMember http://database01.example.com:80/
</Proxy <
#DATABASE02
<Proxy balancer://DATABASE02>
BalancerMember http://database02.example.com:80/
</Proxy <
#DATABASE03
<Proxy balancer://DATABASE03>
BalancerMember http://database03.example.com:80/
</Proxy <
ProxyPass / balancer://DEFAULT
ProxyPassReverse / http://domino1.example.com
ProxyPass / balancer://DATABASE01
ProxyPassReverse / http://database01.example.com
ProxyPass / balancer://DATABASE02
ProxyPassReverse / http://database02.example.com
ProxyPass / balancer://DATABASE03
ProxyPassReverse / http://database03.example.com
# Log Definition - Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel debug
LogFormat "%h %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" access
CustomLog "||/bin/rotatelogs -c /dir/logs/access_prd.log.%Y%m%d 86400" common
ErrorLog "||/bin/rotatelogs -c /dir/logs/error_prd.log.%Y%m%d 8640"
ServerSignature off
</VirtualHost>
2) Criação de regra de redirecionamento de http para https :
<VirtualHost webmail.example.com:80>
ServerName webmail.example.com
DocumentRoot "/dir/htdocs"
# Encaminhando http para https
RewriteEngine on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# Log Definition - Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel debug
LogFormat "%h %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" access
CustomLog "||/bin/rotatelogs -c /dir/logs/access_prd.log.%Y%m%d 86400" common
ErrorLog "||/bin/rotatelogs -c /dir/logs/error_prd.log.%Y%m%d 8640"
ServerSignature off
</VirtualHost>
3) Considerações finais :
Caso seu ambiente tenha mais de um servidor respondendo para uma database a configuração pode ser mantida da seguinte forma :
<Proxy balancer://DATABASE01> BalancerMember http://database-01.example.com:80/ BalancerMember http://database-02.example.com:80/ </Proxy> ProxyPass / balancer://DATABASE01/
Referência :
http://stephankopp.net/2015/09/24/meine-sessions-auf-dem-admincamp-2015/