Thursday, April 2, 2009

Exposing Domino Web apps under Foundations

You can publicly expose a LFS-hosted Notes database on the web via port 4443 eg https://www.xyz.com.au:4443/mynotesdatabase.nsf but the documentation is silent about what Notes web features will/ won't work in that environment. Note that you need secure HTTP (probably because that is the webmail port) which raises the question of how you authenticate visitors BEFORE they get to your application.

The Nitix Knowledgebase lists ports 1352, 2222, 4443 and 8585 as being available through the Nitix Blue/Lotus Foundations Start server firewall but I've only been successful with web access through 4443. I would guess that 1352 is limited to NNTP but I'm curious about the possibilities of 2222 and 8585.

Anyone used those ports before?
.

10 comments:

David Leedy said...

Isn't 8585 the port used by the adminstrator program for "Remote Setup" or something?
I'm not really an Admin, but I had played with domino severs on Linux, and once you got past the initial install, you could load them in "listen" mode or something and then goto your client and run "serversetup" (I think) and it would connect to the listening sever and continue the setup....

Daniele Vistalli said...

Hello Graham, I've been begging the foundations team to allow domino to surface on port 80/443 since i first begun to know the product.

I've also written a proposal on "how-to" do it.

http://www.slideshare.net/virusface/better-domino-web-access-in-lotus-foundations-start

So far no luck but I think that having domino on port 80/443 even as a virtual host would be simply great.

Mainly because corporate proxies can easily block you if you try to access http(s) on non standard ports.

Think what happens if you're working at your customer's site and can't get to your webmail because it's not on standard web ports.

Have you ever faced this issue ?

Graham Dodge said...

David,
I know nothing about 8585 so you're ahead of me in that area.

Daniele,
I think webmail will always be available on 4443 even if Lotus opened other ports. I'd guess the reason for Lotus not picking up your proposal is that there are overlap issues with the market share for regular Domino servers. After all, if you can webify your Domino apps under Foundations then the unique value proposition for buying a Domino Enterprise server shrinks even further.
.

Mike said...

I know it's not supported, but at one point I was using Fast Forward to send port 80 to 60080 for non-secure web traffic.

Graham Dodge said...

Muke,
Great idea. I didn't think of using Fast Forward. The problem with these unsupported ideas is that if you sell a customer solution that relies on that feature then you are really stuck if Lotus closes that loophole in the future.

Joe Nitix said...

I'm pretty sure that fast forward is a feature, and not a loophole. I'd be surprised if a simple solution like port 80 (with the secure port being already accessible) would be enough to hold it back against competing Domino products. I would feel fairly comfortable with using fast forward, as its meant to be a quick solution to these types of problems.

Graham Dodge said...

Fast Forward is definitely a native LFS feature and I use it on my own LFS server. I'm just unsure about whether all Domino web apps would work with full fidelity if you tried publishing them on 80/4443 (with or without FF) . I've got no reason to think they wouldn't, but I'd like to be sure before I sell that solution to a customer.
.

Daniele Vistalli said...

@Graham

I'm not getting this. I can't believe IBM is doing this (using non standard ports) on pourpose.

Foundations and Domino Enterprise address different markets so I don't see the overlap.

In fact with the introduction of foundations branch office (as an addon to enterprise server) I'd like to get what I'm used to even at the branch office. And once again non standard web ports are weird.

I still believe that sooner or later the issue will be addressed.

Maybe I'm too optimist

Mike said...

Keep in mind the primary platform of Foundations is LAMP. Domino is an add on to that - I don't believe either that there is any pressure to prevent Domino from being accessed through the normal 80/443 ports. Being an add on, it simply uses secondary ports.

I would think security is a factor as well. With port 80 wide open, it would be very easy for a non-technical person to accidentally expose Domino data to the world.

Port 1352 is being forwarded automatically since the LAMP platform does not use that port.

Robert Baehr said...

Greetings:

I have a Lotus Foundations tool called 'Wall Anchor' that permits the Lotus Foundations web server (Domino) to function over 60080 for non-SSL-based Domino web apps (like... an SMB web site), while retaining SSL for things like web mail, etc. simultaneously.

Features:
- One click native Lotus Foundations installer
- Load and go (install - reboot - done)
- Easy roll-back to standard Foundations functionality

Cheers
Bob Baehr
The Unofficial Poster Child for Lotus Foundations, Lotus Notes, and Domino