Using the Nomad server behind a load balancer / reverse proxy

You can use the Nomad server for Domino behind a reverse proxy.

Note: As of the Nomad Server's general availabilty (Nomad for web browsers 1.0.5), SafeLinx is not able to correctly serve as a reverse proxy / load balancer in front of the Nomad server. An update to resolve this issue is currently in progress.
Note: You must ensure that the web socket connections are upgraded by the proxy and not left as-is to be upgraded by the Nomad server for Domino.
The following is an NGINX sample config:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
  listen 443 ssl;
  server_name nomad.example.com;

  ssl_certificate     /run/secrets/chain.pem;
  ssl_certificate_key /run/secrets/server.key;

  location / {
    proxy_ssl_server_name on;

    proxy_pass https://domino.example.com:8443;
    proxy_set_header   Host $host;
  }

  location /nrpc-wss {
    proxy_ssl_server_name on;

    proxy_pass https://domino.example.com:8443/nrpc-wss;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
}

Load balancing

To load balance traffic over two or more servers, you must set the cookie secret across all nodes to the same value. For more information, see "Configuring the session cookie" in Configuration options for the Nomad server for Domino.