Manually configuring the HTTP server

This topic includes a complete list of all Domino® HTTP configuration changes required to successfully start and run HCL Traveler. In general it is not necessary to make any manual configuration changes to the Domino® server. However, in some environments the HCL Traveler server may not have write access to the Domino® server document. In this case, add NTS_AUTO_CONFIG=false to the Notes®.ini file to suppress any error messages, and then make the required changes to the server document as specified in this topic.

Procedure

  1. Open httpd.conf located in the Domino® data directory. Ensure that the following line is included in the file:
    AddType .mobileconfig application/x-apple-aspen-config # iPhone Configuration Utility Configuration Profiles 
  2. Complete these steps if the server is configured to use Web Configurations (not Internet Site Documents):
    1. Open the Domino® server document in edit mode.
    2. Click Internet Protocols > HTTP.
    3. Optional: Set Home URL to /traveler if you want the HCL Traveler user home page to be the default site for this server.
    4. Click Domino Web Engine.
    5. Important: In past releases, the Domino® Servlet Manager was required. With HCL Traveler 8.5.3 Upgrade Pack 1 and later releases, this is no longer needed. If you are not using any other servlets on this system, you can set the Java servlet support to None.
    6. In the Domino® Access Services section, add TravelerAdmin to the Enabled services list.
  3. Complete these steps if the server is configured to use Internet site documents:
    1. Open the Internet site document for Web Protocol in edit mode.
    2. Click Basic.
    3. Either set the Use this web site to handle requests which cannot be mapped to this site to Yes, or set the Host names or addresses mapped to this site with the host name that the HCL Traveler client uses to connect to this server.
    4. Click Configuration.
    5. Optional: Set Home URL to /traveler if you want the HCL Traveler user home page to be the default site for this server.
    6. For Allowed Methods, select GET, POST, and OPTIONS to allow mobile device access, and select PUT and DELETE if you intend to use the HCL Traveler MDM APIs.
    7. In the Domino® Access Services section, add TravelerAdmin to the Enabled services list.
  4. Optional: For backwards compatibility with older HCL Traveler clients add a substitution rule similar to the following options:
    If you are using Internet Site documents, do the following: Under Configuration > Web > Internet Sites, open the Internet Site for web protocol for this server. Then select Web Site > Create Rule and add the following:
    • Type of rule: Substitution
    • Incoming URL pattern: /servlet/traveler*
    • Replacement pattern: /traveler*
    Rule (substitution): /servlet/traveler*-->/traveler*) 
    If you are not using Internet Site documents, do the following: Under Configuration > Web > Web Configurations, open the Domino® server for this server. Then select Create Web... > URL Mapping/Redirection and add the following:
    • Basics: What do you want to setup: URL -- URL
    • Mapping: Incoming URL path: /servlet/traveler*
    • Mapping: Replacement URL string: /traveler*
    URL -> URL for (/servlet/traveler*->/traveler*)
  5. Optional: For ease of configuring Apple devices, add a redirect rule similar to one of the following:
    If you are using Internet Site documents, do the following: Under Configuration > Web > Internet Sites, open the Internet Site for web protocol for this server. Then select Web Site > Create Rule and enter the following:
    • Type of rule: Substitution
    • Incoming URL pattern: /Microsoft-Server-ActiveSync*
    • Replacement pattern: /traveler/Microsoft-Server-ActiveSync*
    Rule (substitution): /Microsoft-Server-ActiveSync*-->/traveler/Microsoft-Server-ActiveSync*)
    If you are not using Internet Site documents, do the following: Under Configuration > Web > Web Configurations, open the Domino® server for this server. Then select Create Web... > URL Mapping/Redirection and enter the following:
    • Basics: What do you want to setup: URL -- URL
    • Mapping: Incoming URL path: /Microsoft-Server-ActiveSync*
    • Mapping: Replacement URL string: /traveler/Microsoft-Server-ActiveSync*
    URL -> URL for (/servlet/traveler*->/traveler*)
  6. Optional: If you would like to add a Content-Security-Policy header or other security headers on each HTTP response for increased security, you may specify a Web Site Rule if you are using Internet Site documents.
    Note: There is no option to set headers if you are not using Internet Site documents.
    Note: Using a more restrictive Content-Security-Policy setting than what is listed below will limit some functionality on the Traveler server home page (such as the option to generate an Apple profile). It will not impact Traveler synchronization functionality.
    1. Under Configuration > Web > Internet Sites, open the Internet Site for web protocol for this server.
    2. Select Web Site > Create Rule and enter the following:
      • Type of rule: HTTP response headers
      • Incoming URL pattern: /traveler*
      • HTTP response codes: 200, 206
      • Expires header: Add header only if application did not
      • Expires header: Specify as number of days (your choice on the number of days)
      • Custom headers:
        • Name: Content-Security-Policy
        • Value: default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-hashes' 'unsafe-inline';
        • Override: unchecked
        • Applies to: All

        • Name: X-Content-Type-Options
        • Value: nosniff
        • Override: unchecked
        • Applies to: All
  7. Restart the HTTP server.
    Tip: For information about changing HTTP threads or other performance tuning information, see Tuning performance of the server.