Adding a Nomad server resource

Add a Nomad server resource for HCL Nomad.

About this task

Complete the following steps if you did not configure the Nomad server when running the initial SafeLinx configuration wizard.

When a Nomad request to a Domino server is found, SafeLinx uses the information in the authentication profile to query the requested Domino servers canonical name via LDAP and use the resulting fully-qualified domain name (FQDN) returned for that server to establish a TCP connection.

If a Domino server name can't be resolved, the connection terminates. To ensure that a Domino server name can be resolved, you can specify the server URL when you configure the Nomad server.
Note: The name of the Nomad web proxy has changed to Nomad server.

Procedure

  1. From the SafeLinx Administrator, in the Resources tab, select SafeLinx > [SafeLinx server name]. Right click, then select Add > Nomad Web Proxy.

    creating a nomad server
  2. Configure the Nomad server.
    • Specify the service URL that end-users will use to access Nomad web (eg. "https://nomad.example.com"). This name can differ from the hostname of the SafeLinx server.
    • As Nomad server requires https, the "TCP port to listen on" is 443.
    • Specify the prepared keystore in the "PKCS12 keystore file" field. Relative paths start in the SafeLinx binary directory
    • Enter the password for the private key stored in the pkcs12 file in the "Keystore password" field
    • Leave "Current state" on "active" to automatically start the Nomad server
  3. Add Application server URLs.

    adding servers for nomad
    • For the "Authentication Profile" select the authentication profile you defined during Creating the authentication profile for Nomad server.
    • For the "Session COOKIE domain", use the DNS domain part of the hostname you used for "Service URL" in the previous screen. In this example, it's example.com.
    Additionally, the minimum necessary data entry for this form is the mapping for the Nomad web static files. Depending on the deployment option you chose in Hosting the Nomad for web browsers static web files the values you have to enter might differ.
    Note: The Nomad web static files are needed only if you use Nomad for web browsers. They are not needed if you only use Nomad on iOS or Android.

    With the "Application Server URL"s entries described in the following, you instruct SafeLinx/Nomad server to respond to HTTPS requests starting with /nomad by either returning the files from the local directory or pass the http request on to the Domino HTTP server in the backend.

    The keyword designation "NOMAD" signals to the underlying SafeLinx server to interpret the defined application server as belonging to "Nomad". See URLs with keyword designations in the HCL SafeLinx documentation for details.

    Specify application server URLs in the following format:
    [ <KEYWORD> | <Map> ] URL
    For the Nomad Web static files this would generally be:
    NOMAD /nomad URL
    1. Nomad Web static files:
      1. VIA SAFELINX LOCAL FILES

        In this case, the URL part of the "Application Server URL" always starts with the file:// protocol, followed by the full path to the directory containing the nomad directory you created earlier.

        • Linux

          If you followed the instructions for Linux in Hosting the static web files on SafeLinx you need to add a line similar to this to the Nomand server configuration as a "Application Server URL" NOMAD /nomad file:///srv/hcl. If you decided on a different path for your Nomad static files, modify the statement accordingly.


          adding nomad server for linux
        • Windows

          If you followed the instructions for Windows in Hosting the static web files on SafeLinx you need to add a line similar to this to the Nomand server configuration as a "Application Server URL" NOMAD /nomad file://C:/hcl. If you decided on a different path for your Nomad static files, modify the statement accordingly.


          adding nomad server for windows
      2. VIA DOMINO HTTP SERVER

        If you followed the instructions for Windows in Hosting the static web files on a Domino HTTP server you need to add a line similar to this to the Nomand server configuration as a "Application Server URL" NOMAD /nomad http://domino12cent8.example.com/. If you decided on a different path for your Nomad static files, modify the statement accordingly.


        adding a domino server to nomad
    2. Add Domino Server mappings (optional)
      • If Domino and Domino LDAP are configured correctly, no further entries are needed in "Application Server URL" form.
      • You can optionally add the Domino name and FQDN of any Domino server that cannot be resolved through lookups in the Domino LDAP server defined earlier for authentication.
      • You can optionally add the Domino name and FQDN of any Domino server for users that do not have an home mail server defined.
      Use the following format for the entries:
      NOMAD CN=Domino9Apps/OU=SRV/O=EXAMPLE/C=XP nrpc://mydominoapplicationserver.example.com:1352

      Where mydominoapplicationserver.example.com is the FQDN (or IP address) of the Domino server Domino9Apps specified in the following example.


      adding a nomad server details
  4. Configure HTTP response headers.
    In the SafeLinx Administrator Client, navigate to the Resources tab, expand the SafeLinx Server and then right-click on the Nomad Web Proxy you just configured. In the popup-menu, select Properties. In the window that opens, select the Server tab. Edit HTTP header tokens that should use for files to configure the required HTTP headers corresponding to the files and Additional HTTP headers to include sections to update the preconfigured optional HTTP headers (in all responses). For HTTP header tokens that should use for files, entries should include filename and headers token and should be separated by a space (' ').

    resources tab, configuring http headers
  5. Verify that Nomad server is running.
    In the SafeLinx Administrator Client, navigate to the Resources tab, expand the SafeLinx Server and then right-click on the Nomad Web Proxy you just configured. In the popup-menu select Properties. In the window that opens, select the General tab and scroll to the bottom of the page. The field Current state should be showing "active".


    On the command line of the SafeLinx server, you can issue to following command as root to query the status of the Nomad server:
    lswg -s hcl-wlNomad -L -F cn:state -l cn=nomad-web-proxy0,cn=safelinx.example.com,o=nwp
    
    Which will give you a result similar to this:
    dn: cn=nomad-web-proxy0,cn=safelinx.example.com,o=nwp
    cn: nomad-web-proxy0
    state: 0
    

    A value of "0" for "state" corresponds to "running". For your server, you will have to replace safelinx.example.com with the name of your SafeLinx/Nomad server installation.