EnablingHTTP/2onanIBMLotusDominoServerSetupGuideAlexElliottAGECOM2019https://www.
agecom.
com.
auCONTENTSIntroduction3Requirements.
3AboutHTTP/23AboutNGINX3Howthisworks.
4Step1–InstallNGINX.
5Step2–SettingupNGINXtorunasaWindowsService.
6Step3–UpdateWindowsHostsFile.
8Step4–AddanotherlocalIPAddress8Step5-CreatingSSLCertificateFiles9ExtractingcertificatesfromanexistingDominoKeyringFile.
9CreateanewSSLCertificate11Step6–TheNGINXConfigurationFile.
13Step7-KeyExchangeSecurity14Step8–EnableConnectorHeaders14Step9–Testing.
15Step10–UpdateForwardingonyourRouter16Step11–FirewallSettings16Step12-FinalSetup16Tips17Checkyourwebsite'sperformance17MultipleWebsites17Forcingallconnectionstobesecure17BringingyourDominoserverdownformaintenance.
18SuggestionsorComments.
19AboutAGECOM.
19INTRODUCTIONThisguidedescribeshowyoucanprovideHTTP/2connectivitytoyourLotusDominoserverusingNGINX-afreeopen-sourcehigh-performanceHTTPserverandreverseproxy.
WithHTTP/2connectivityavailabletoyourDominoserverwebpageswillloadmuchfaster.
ThestepscoveredinthisguidedescribehowtoinstallandconfigureNGINXandsetitupasaHTTP/2proxyforincomingconnections.
TheAGECOMwebsiteprovidesHTTP/2connectivityusingtheconfigurationdescribedinthisguide.
YoucanchecktheAGECOMwebsiteat:https://www.
agecom.
com.
auREQUIREMENTSTheinformationprovidedinthisguideisbasedonthefollowingsystemsettings:MicrosoftWindowsserver2008orlater.
LotusDomino9.
0.
1orlaterYoumayabletousetheinformationforguidancewithotherplatformsandversions.
ItisassumedyoualreadyhaveanactivewebsiterunningonyourDominoserver.
ABOUTHTTP/2HTTP/2improvesspeedmainlybycreatingoneconstantconnectionbetweenthebrowserandtheserver,asopposedtoaconnectioneverytimeapieceofinformationisneeded.
Thissignificantlyreducestheamountofdatabeingtransferred.
Plus,ittransfersdatainbinary,acomputer'snativelanguage,ratherthanintext.
OtherfeaturesofHTTP/2include"multiplexing"(sendingandreceivingmultiplemessagesatthesametime),theuseofprioritization(moreimportantdataistransferredfirst),compression(squeezinginformationintosmallerchunks)and"serverpush,"whereaservermakesaneducatedguessaboutwhatyournextrequestwillbeandsendsthatdataaheadoftime.
ABOUTNGINXNGINXisafreeopen-sourcehigh-performanceHTTPserverandreverseproxy,amailproxyserver,andagenericTCP/UDPproxyserver.
It'sknownforitshighperformance,stability,richfeatureset,simpleconfiguration,andlowresourceconsumption.
Manywebserversandapplicationserversuseasimplethreadedorprocess-basedarchitecturehoweverNGINXstandsoutwithasophisticatedevent-drivenarchitecturethatenablesittoscaletohundredsofthousandsofconcurrentconnectionsonmodernhardware.
Onceyou'vegotNGINXsetupitcanreceiveallincomingconnectionsandredirectthemtotheappropriateDominoserver/website.
YoucaninstallNGINXonyourDominoserveroranyotherserveronyournetwork.
MoreinformationregardingNGINXcanbefoundontheNGINXwebsiteat:http://nginx.
orgHOWTHISWORKSAfterfollowingthestepsoutlinedinthisguideyou'llhaveNGINXhandlingincomingconnectionsfromtheInternetanddirectingthemtotheappropriateserverbasedonthetargethostname.
Ifyou'vespecifiedtodisplayamaintenancepage(intheeventaserverisdownformaintenance)themaintenancepagewillbereturned.
ConnectionsfromtheInternetmaybehttp,https,orhttp/2.
NGINXisresponsibleforestablishingandmaintainingsecureconnections(SSL).
YoucanalsoconfigureNGINXtoforceallincomingconnectionstoestablishasecureconnection.
ConnectionsfromNGINXtoyourinternalserversareestablishedoverhttpsoonceyouhavethissetupinplaceyouwon'tneedtomaintainaDominokeyringfile.
RequestedcontentisreturnedfromyourserversbacktoNGINXanditinturnreturnsthatcontenttotherequestor.
Secureconnectivityisalwaysmaintainedifthat'showtheoriginalconnectionwasestablished.
Thefollowingdiagramshowstheconnectivityflowinbasicterms.
FeaturesofNGINX:ApplicationAccelerationContentCacheingSSLandSPDYTerminationBandwidthManagementContent-BasedRoutingRequestManipulationResponseRewritingAuthenticationStreamingMediaMonitoringConfigurationSTEP1–INSTALLNGINXTheNGINXWindowsbinaryfileshouldbedownloadedfromtheNGINXwebsiteat:http://nginx.
org/en/download.
htmlThemostrecentstableversionshouldbedownloaded.
It'srecommendedyoumakeanoteoftheversiondownloadedsoyoucanreferenceitlaterwhenyouneedtodeterminewhatversioniscurrentlyinstalled.
NGINXmaybeinstalledonyourDominoserveroranyotherWindowsserver.
Createafolderintherootdirectoryofyourservercalled'nginx'andextractallfilesfromthedownloadedzipfileinthefolder.
Thereshouldnowbeanexecutablefilecallednginx.
exeinthenginxfolderandseveralothersubfolders.
That'sprettymuchittoinstallingnginx.
Westill,however,needtodothefollowingwhichiscoveredinthisguide:SetupnginxtorunasaWindowsserviceSetuptheNGINXconfigurationfileSetupSSLSTEP2–SETTINGUPNGINXTORUNASAWINDOWSSERVICENGINXisnotanexecutablethatcanbeinstalledasaWindowsservice.
ToworkaroundthisaWindowsServiceWrapperisavailablewhichcanbeinstalledasaWindowsserviceandinturnwillcontroltheloadingandunloadingofNGINX.
ThewrappercanactuallybeusedtohostanyexecutableasaWindowsservice.
TheWindowsServiceWrapperisavailableonGithubat:https://github.
com/kohsuke/winswYoucangostraighttothedownloadspageat:https://github.
com/kohsuke/winsw/releasesDownloadthelatestWindowsserviceexecutableandsaveittotheNGINXfolder.
Atthetimethisguidewaswrittentherecommendedversiontodownloadistheonewrittenfor.
NET4(ie.
WinSW.
NET4.
exe).
Aftertheexecutablehasbeendownloadeditisrecommendedthatyourenameitto'nginx-winsw.
exe'tomakeitclearwhichparticularapplicationthewrapperservicewillberesponsibleforloadingandunloading.
Thewrapperservicerequiresconfigurationsettingstobeplacedinanxmlfilematchingthenameoftheexecutable.
Forthisanxmlfilecalled'nginx-winsw.
xml'shouldbecreatedinthesamefolderasthenginx-winsw.
exefile.
Thefollowingitemsdemonstratetheminimumsettingsrequiredtobeaddedtothexmlfile:nginxnginxnginxc:\nginx\nginx.
exec:\nginx\roll-pc:\nginxc:\nginx\nginx.
exe-sstopAsamplexmlfilefortheWindowsservicewrappercanbedownloadedfromtheAGECOMSupportNote.
AftertheWindowsservicewrapperhasbeendownloadedandthexmlconfigurationfilecreateditmustnowbeinstalledasaWindowsservice.
Toinstallnginx-winsw.
exeasaWindowsserviceopenacommandpromptasAdministratorandgotothenginxfolder.
Typeinthefollowingcommand:nginx-winsw.
exeinstallAnewWindowsservicecalled'nginx'willnowhavebeencreatedandsettostartautomaticallyonboot.
ItisrecommendedyougointoWindowsservicesandchangethistostartManuallyfornow.
EventuallythiswillbesettostartAutomatically(Delayed)onceeverythinghasbeenconfirmedasworkingcorrectly.
STEP3–UPDATEWINDOWSHOSTSFILEThehostnameofyourwebserverandthelocalIPaddressitisboundtoneedtobeaddedtotheWindowshostsfilethatNGINXisbeinginstalledon-normallyfoundintheC:\Windows\System32\Drivers\etcfolder.
Forexampleifyourhostnameiswww.
acme.
comanditisboundtothelocalipaddressof10.
0.
0.
25(theipaddressyourDominoserverhttptaskislisteningonforincomingconnections)thenyouwouldaddthefollowingentriestothehostsfile:10.
0.
0.
25acme.
com10.
0.
0.
25www.
acme.
comAfterupdatingthehostsfileyoushouldpingbothformsoftheabovehostnamesonyourservertoensuretheyresolvetotheexpectedlocalipaddressandyougetasuccessfulreplyback.
STEP4–ADDANOTHERLOCALIPADDRESSIfNGINXhasbeeninstalledonyourDominoservertheserverwillrequireaminimumof2localstaticipaddresses.
OneipaddresswillbeusedbyNGINXtoreceiveincomingconnections,andanotheripaddresswillbeusedbytheDominoserver.
NGINXreceivesincomingHTTPconnectionsononeoftheipaddressesandwillredirecttraffictotheipaddressusedbyDomino(eitheronthecurrentmachineoranothermachinewhereDominohasbeeninstalled).
YoushouldnowgointotheWindowsnetworksettingsandaddanotherstaticipaddressthatisnotbeingusedelsewhereonthenetwork.
Thefollowingimageshowsasecondaryipaddressof10.
0.
0.
30thathasbeenadded:Note:IfNGINXhasbeeninstalledonanotherserverwheretherearenootherapplicationsthatareusinganyofthehttpports(80,443)thenyoushouldbeabletouseasingleipaddressandwon'tneedtoaddasecondipaddress.
STEP5-CREATINGSSLCERTIFICATEFILESAsmostbrowsersonlysupportHTTP/2overSSLyouwillneedsetupSSLforyourwebsitedomain.
ThefollowingsectionsdescribehowtoextractyourkeysandcertificatesfromanexistingDominokeyringfileorcreateanewSSLcertificatefromscratch.
EXTRACTINGCERTIFICATESFROMANEXISTINGDOMINOKEYRINGFILEIfyouhaveanexistingDominoKeyringfilewhichcontainscertificatesthathavenotexpiredyoucanextractthemusingtheDominoKeyringTool(version1.
1orlater).
FormoreinformationaboutthistoolandtodownloaditpleaserefertothefollowinglinkonIBM'swebsite:http://www-01.
ibm.
com/support/docview.
wssuid=swg21966137Afterdownloadingthetoolcopythe32-bitversiontoyourLotusNotesprogramsfolder.
YouwillalsoneedtocopytheDominokeyringfile(kyr)andthepasswordstashfile(sth)toyourlocaldrive.
OpenacommandpromptandswitchtotheNotesprogramfolder.
Enterthefollowingcommandtoviewthepublicandprivatekeysinthefile:kyrtoolshowkeys-k[pathtokeyringfile]Note:Ifthefollowingerrormessageisdisplayedaftertypingintheabovecommandthenyouhavemostlikelycopiedthe64-bitversionofKyrTool.
Ensureyoucopythe32-bitversionofthetoolthentryagain.
Uponsuccessfulexecutionoftheabovecommandyouwillseeoutputsimilartothefollowing:Usingkeyringpath'[pathofyourkeyringfile]'Keylength:2048bits-----BEGINPUBLICKEY-----[Yourpublickey]-----ENDPUBLICKEY-----Keylength:2048bits-----BEGINRSAPRIVATEKEY-----[Yourprivatekey]-----ENDRSAPRIVATEKEY-----Theprivatekeyneedstobesavedtoafile.
Theeasiestwaytodothisistorepeatthelastcommandbutdirectoutputtoafile.
Enterthefollowingcommand:kyrtoolshowkeys-k[pathtokeyringfile]>private.
keyThewebsitedomaincertificate,andthecertificateissuer'sintermediateandrootcertificatesalsoneedtobeextractedandsavedtoanotherfile.
Enterthefollowingcommandtoextractthemtoafile:kyrtoolshowcerts-k[pathtokeyringfile]>bundle.
crtSincethefilewillcontainmultiplecertificateswerecommendnamingittosomethinglike'bundle.
crt'.
Youmightalsowanttoprefixwiththefilewithsomethingindicatingthecertificateissuersname(eg.
Godaddy-bundle.
crt,entrust-bundle.
crt,etc).
Theprivate.
keyfileshouldnowbeeditedtoremovecontentthatisnotrequired–leavingonlytheprivatekey.
Opentheprivate.
keyfileinatexteditor.
Allcontentbeforetheline'-----BEGINRSAPRIVATEKEY-----'shouldberemovedandanycontentaftertheline'-----ENDRSAPRIVATEKEY-----'shouldberemoved.
Thecontentsoftheprivatekeyshouldnowbeonly:-----BEGINRSAPRIVATEKEY-----[Yourprivatekey]-----ENDRSAPRIVATEKEY-----Saveandclosetheprivatekeyfile.
Thebundle.
crtfileshouldnowbeedited.
Everythingoutsideoftheblocksstartingwith'-----BEGINCERTIFICATE-----'andendingwith'-----ENDCERTIFICATE-----'shouldberemoved.
Thecontentsofthebundlefileshouldnowcontainonlythedomaincertificate,andissuer'sintermediate&rootcertificatesinthefollowingformat:-----BEGINCERTIFICATE-----[Yourcertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[IntermediateCertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[RootCertificate]-----ENDCERTIFICATE-----Saveandclosethebundlefile.
Whenyou'vefinishedextractingthekeysandeditingthefilestheyshouldnowbecopiedtothe'conf'folderunderthemainNGINXfolder.
CREATEANEWSSLCERTIFICATEIfyoudon'thaveanexistingDominoKeyringfileorneedtocreateanewSSLcertificateyouwillneedtogenerateacertificatesigningrequest(CSR)andobtainonefromacertificateauthority(CA).
ACSRconsistsmainlyofthepublickeyofakeypair(privateandpublic),andsomeadditionalinformation(suchasdomainname,location,etc).
Bothofthesecomponentsareinsertedintothecertificatewhenitissigned.
TheeasiestwaytogeneratetheseisusingOpenSSLwhichcanbedownloadedat;https://www.
openssl.
org/YoucandownloadanOpenSSLbinarydistributionwithInstallerfromthefollowingwebsite:https://slproweb.
com/products/Win32OpenSSL.
htmlYoushoulddownloadthelatest32-bitor64-bitversionandruntheinstaller.
UsingOpenSSLthefollowingexamplecommandwouldbeenteredatthecommandprompt(intheOpenSSLbinfolder)forgeneratingtheprivatekeyandCSRfilesfortheAcmedomain:opensslreq-new-newkeyrsa:2048-nodes-keyoutacme.
key-outacme.
csrNote:youshouldreplace'acme'intheabovecommandwithyourowndomainname.
Additionalinformationmayberequestedafterenteringtheabovecommandwhichyoushouldsupplysuchas:CountryCode(eg.
AU)State,Territory,orProvinceinfull(eg.
NewSouthWales)CityorLocality(eg.
Sydney)OrganizationName(eg.
AcmePtyLtd)OrganizationUnitName/Department(eg.
Marketing)CommonName/FullQualifiedDomainName(eg.
www.
acme.
com)EmailAddressChallengePasswordOptionalcompanynameNote:Ifyougetthefollowingerror:WARNING:can'topenconfigfile:/usr/local/ssl/openssl.
cnfthentypeinthefollowingcommand:setOPENSSL_CONF=[path-to-OpenSSL-install-dir]\bin\openssl.
cfg(example:setOPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.
cfg)thentrytheoriginalopensslcommandagain.
Thefollowingtwofilesshouldnowhavebeengenerated:acme.
key–thiscontainsyourprivatekeyandshouldbekeptsecure.
acme.
csr–thiscontainsthecertificatesigningrequestandwhatyouwillsubmittothecertificateissuer.
Thefilecontainingtheprivatekey(ie.
acme.
key)shouldbecopiedtothe'conf'folderunderthemainNGINXfolder.
TheCSRfileshouldnowbeusedtosubmityourcertificaterequesttoyourchosencertificateissuer.
Informationonsubmittingyourrequest,obtainingyourcertificateandintermediate/rootcertificatesshouldbeavailableontheissuer'swebsite.
Afteryourcertificatehasbeenissueditshouldbedownloadedandputintoafile.
Theissuer'srootcertificates(andanyintermediatecertificates)alsoneedtobeputintothesamefilesoit'srecommendedit'snamedsomethinglikedomain-bundle.
crt(eg.
acme-bundle.
crt).
TheorderofthecertificatesinthefileisimportantforSSLtowork.
Thefirstcertificateinthebundlefileshouldbethecertificateforyourdomain,thentheissuersintermediatecertificates,andtheissuer'srootcertificateappendedtoit.
Thebundlefileshouldbeformattedlikethefollowing:-----BEGINCERTIFICATE-----[Yourcertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[IntermediateCertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[RootCertificate]-----ENDCERTIFICATE-----Thecertificatebundlefileshouldbecopiedtothe'conf'folderunderthemainNGINXfolderwhenyou'vefinishedaddingallcertificatestoit.
STEP6–THENGINXCONFIGURATIONFILETheNGINXconfigurationfilecontainsallthesettingsusedbyNGINX.
Thefileiscalled'nginx.
conf'andresidesinthe'conf'folderunderthemainNGINXfolder.
Itisbeyondthescopeofthisarticletodescribethesettingsinconfigurationfile.
Thereareplentyofresourcesontheinternetwhichcoverthesettingssuchas:NGINX-BeginnersGuideNGINX-ConfiguringHTTPSServersMartinFjordvald-NGINXConfigurationPrimerDigitalOcen-UnderstandingtheNGINXConfigurationFileStructureandConfigurationContextsThesampleconfigurationfileattachedtotheAGECOMSupportNoteisreadyforuseandcanbecopiedtothe'conf'folderunderthemainNGINXfolder.
Itshouldbenamed'nginx.
conf'.
Ifyouchoosetousethesamplefilethefollowingcustomizationswillberequired:TheIPaddressassignedforNGINXtolistenonforincomingconnections(Lines59,79)Thedomainnamesforyoursite(s)(Lines60,67,68,80,92)Thepath/filenameoftheprivatekeyfile(Line126)Thepath/filenameofthebundledcertsfile(Line123)Youwillalsonoticethesampleconfigurationfilereferstoafileinthehtmlfoldercalled'maintenance.
html'(alsoattachedtothesupportnote).
IfNGINXfindsthisfileitwilldisplaythecontentsofitinsteadofredirectingtoyourwebsite.
ThisisusefulifyouwanttobringyourDominoserverdownformaintenanceandprovideamessagebacktoincomingconnectionstoindicatemaintenanceisbeingperformed.
Itshouldbecopiedtothe'html'folderwhichisasubfolderofthemainNGINXfolder.
Wheneveryouwanttodisplaythemaintenancemessagesimplyrenamethefileto'maintenance.
html'andwhenit'snotrequiredrenameittosomethingelsesuchas'zz-maintenance.
html'.
Note:Themaintenance.
htmlfileshouldbecustomizedwithyourwebsiteandnameandemailaddress.
STEP7-KEYEXCHANGESECURITYThefirststepintheestablishmentofasecureconnectionistheexchangeoftheprivatekeysbetweenserverandclient.
Bydefault,NGINXusesa1028-bitDHE(EphemeralDiffie-Hellman)key,whichisrelativelyeasytodecrypt.
ToprovidemaximumsecurityitisrecommendedyoucreateyourownmoresecureDHEkey.
AgainusingOpenSSLopenacommandpromptandgototheOpenSSLbinfolder.
Enterthefollowingcommand:setRANDFILE=[path-to-OpenSSL-install-dir]\bin\.
rndExample:setRANDFILE=c:\OpenSSL-Win64\bin\.
rndNowenterthefollowingcommandtocreateaparametersfilewitha4096-bitkeylength:openssldhparam-outdhparam.
pem4096Thegenerationprocesswilltakeseveralminutes.
Note:ifyougetanerrormessage'Unabletowriterandomstate'whilethefileisbeinggeneratedmakesureyouenteredthe'setRANDFILE=….
'commandcorrectlyfirstthentryrunningtheopensslcommandagain.
IftheproblempersistsopenanewcommandpromptwithAdministratorprivilegesandtryrunningthecommandsagain.
Oncetheprocesshascompletedcopythedhparam.
pemfiletothe'conf'folderunderthemainNGINXfolder.
STEP8–ENABLECONNECTORHEADERSThefollowingsettingsshouldbeaddedtothenotes.
inifileusedbytheDominoserverifitdoesn'talreadyhaveit:HTTPEnableConnectorHeaders=1ThissettingenablestheDominoHTTPtasktoprocessspecialheadersthatareaddedtorequestsbyNGINX.
WhenNGINXpassestheHTTPrequeststoDominoitaddsheadersthatincludeinformationabouttheincomingconnectionsuchastheremoteIPaddress.
WithoutthisanyIPaddressrecordedforincomingHTTPconnectionswillbethatusedbyNGINXratherthantheactualremoteuser'saddress.
Informationaddedtotheheaderscanbeseeninthenginx.
conffileas'proxy_set_header'items.
STEP9–TESTINGNowthatallsetupandconfigurationstepshavebeenperformedyoushouldbeabletotesttheconnection.
GototheWindowsServicesontheDominoserverandensurethe'nginx'servicehasbeenstarted.
Ifnotthenstartit.
Iftheservicefailstostartsuccessfullycheckthe'error.
log'fileinthe'logs'folderunderthemainNGINXfolder.
Onthemachineyouaretestingfrom(whichshouldnotbethemachineNGINXoryourDominoserverisrunningon)thehostnameofyourwebsiteandtheipaddresswhichNGINXislisteningonshouldbeaddedtotheWindowshostsfile-normallyfoundintheC:\Windows\System32\Drivers\etcfolder.
ThiswillensurewhenyoutypeintheaddressofyourwebsiteinabrowserwindowtheconnectionwillbedirectedtoNGINX.
Forexampleifyourhostnameiswww.
acme.
comandthelocalipaddressNGINXislisteningonis10.
0.
0.
20thenyouwouldaddthefollowingentriestothehostsfile:10.
0.
0.
20acme.
com10.
0.
0.
20www.
acme.
comLaunchawebbrowserandtypeinyourwebsiteaddress(eg.
www.
acme.
com).
IfeverythinghasbeenconfiguredcorrectlytheconnectionwillbereceivedbyNGINXandthenforwardedtoyourDominoserver.
Thewebpageshouldbesuccessfullydisplayed.
NowtestthesecureSLLconnectionbyprecedingthewebsitenameinyourwebbrowserwith'https://'(eg.
https://www.
acme.
com).
IfSSLandNGINXhavebeenconfiguredcorrectlyanSSLconnectionwillbesuccessfullyestablishedbyNGINX,theconnectionforwardedtotheDominoserverandthewebsitedisplayedsecurely.
Tocheckifcontenthasbeenreturnusingthehttp/2protocolyoucancheckthenetworkingresponsesusingthebrowser'sdebugger.
InmostbrowserspressingtheF12keywillopenthedebuggingwindow.
Openthenetworkingtabinthedebuggingwindowthengotothewebsiteaddresslineinthebrowserandtypeinthehostnameofyoursiteprecededwith'https'.
ThefollowingimageshowsarequestforaresourceontheAGECOMwebsiteoverhttpsanditbeingreturnedbackusinghttp/2:STEP10–UPDATEFORWARDINGONYOURROUTERIfyourrouterhasbeenconfiguredtoforwardincomingtrafficonport80or443(orothercustomportsyouhavespecifiedforincominghttpconnections)youshouldupdatethetargetipaddresstothatassignedtoNGINX.
Thefollowingimageshowstypicalforwardingsettingsinarouter:Wecanseethatports1352(Notes/Domino)and25(SMTP)areforwardeddirectlytotheDominoserver'sIPaddressandports80(http)and443(https)areforwardedtotheipaddressassignedtoNGINX.
STEP11–FIREWALLSETTINGSIfWindowsFirewall,oranyotherfirewall,hasbeenenabledontheserveryoumayneedtoaddanentryfornginx.
Youshouldcheckthefirewallsettingsandifnecessaryaddanentryfornginx.
exetoallowincomingconnectionsfortheapplication.
STEP12-FINALSETUPNowthatyou'veconfirmedyoursiteiscorrectlyworkingwithNGINXyoushouldgototheWindowsservicesonthemachinethatNGINXwasinstalledonandsettheNGINXservicetoautomaticallystart.
WerecommendsettingittostartAutomaticallywithaDelayedStart:TIPSHere'salistoftipstogetthemostoutofusingNGINXinyourenvironment.
CHECKYOURWEBSITE'SPERFORMANCEYoucanchecktheperformanceofyourwebsiteandreceivetipsonhowtoimproveitbygoingtothefollowingsite:http://www.
webpagetest.
orgYouwillbeaskedtotypeintheaddressforyourwebsite.
Werecommendperformingtestsonyourwebsiteusingboththehttpandhttpsconnections.
Itwillgiverankingsforvariousaspectsofyourwebsitesandtipsonhowtoimproveit.
Thefollowingimageshowsanexampleofthevarioustestsandtherankingsthatweregiven:MULTIPLEWEBSITESIfyouarehostingmultiplesitesyoucaneasilyaddadditionalsitestotheNGINXconfigurationfile.
NGINXcanhandlealltheincomingconnectionsandredirectthemtotheappropriateserver.
You'llbeabletoprovideHTTP/2connectivityforallyourdomains.
FORCINGALLCONNECTIONSTOBESECUREToforceallconnectionstoyourwebsitetobesecurechangethefollowinglinesinthesamplenginxconfigurationfile(Lines74–76).
From:#Forwardtraffictoport80onthetargetserverorredirecttraffictohttpsproxy_passhttp://www.
acme.
com:80;#return301https://www.
acme.
com$request_uri;To:#Forwardtraffictoport80onthetargetserverorredirecttraffictohttps#proxy_passhttp://www.
acme.
com:80;return301https://www.
acme.
com$request_uri;Thiswillredirectincomingconnectionsoverport80toport443.
BRINGINGYOURDOMINOSERVERDOWNFORMAINTENANCEIfyouwishtobringyourDominoserverdownformaintenanceNGINXcanreturnapagebacktoincomingconnectionsindicatingthesiteisdownformaintenance.
Youshouldhavepreviouslydownloadedthe'sample-maintenance.
html'filefromtheAGECOMSupportNoteandsavedittothe'html'folderunderthemainnginxfolder.
Renamethesamplemaintenancefileto'maintenance.
html'.
NGINXwilldetecttheexistenceofthisfileandreturnthecontentsofit.
WhenyourDominoserverisbackonlinesimplyrenamethemaintenancefiletosomethinglike'zz-maintenance.
html'andNGINXwillautomaticallyresumedirectingtraffictoyourDominoserver.
Note:Themaintenance.
htmlfileshouldbecustomizedwithyourwebsiteandnameandemailaddressbeforeusingit.
SUGGESTIONSORCOMMENTSThankyouforreadingthisguide.
Ifyouhavesomesuggestionsforimprovingthecontentofthisguide,findanyerrors,orjustwanttodropusacommentpleaseContactUsandletusknow.
ABOUTAGECOMAGECOMhavebuiltareputationforsupplyingqualityproducts,supportandspecialistconsultingservicestotheIBMLotuscommunitygloballysince1995.
Ourapplicationsinclude:ImportforLotusNotesImportdatadirectlyfromthefollowingformatsinyourLotusNotesdatabases:CommaDelimited(CSV),MS-Access,MS-Excel,MS-Outlook,XML,Fileattachments,NotesStructuredText,andothercharacterdelimitedfiles.
Existingdocumentscanbeupdatedwithimportedcontent.
Importscanberunondemandorscheduled.
ExportforLotusNotesExportyourLotusNotesdocumentsandviewdatatomanydifferentfileformatsincluding:CommaDelimited(CSV),FixedWidth,HTML,IBMConnections,MicrosoftExcel,MicrosoftAccess,MicrosoftWord,PDF,TabDelimited,XMLandmore.
Exportscanberunondemandorscheduled.
AgentMonitorforLotusDominoCentrallymanage,monitor&reportonallagentsinalldatabasesonyourDominoservers(shared,private,scheduled).
Seewhenagentsarescheduled&bywho,viewagentlogs,missedschedules&agentswitherrors,changeagentsettings,enable/disableagentsandmore.
AmustforallDominoadministrators.
Wealsohaveotherapplications,utilitiesandsoftwarewhicharefreelyavailabletotheLotuscommunity.
青云互联怎么样?青云互联是一家成立于2020年6月的主机服务商,致力于为用户提供高性价比稳定快速的主机托管服务,目前提供有美国免费主机、香港主机、香港服务器、美国云服务器,让您的网站高速、稳定运行。美国cn2弹性云主机限时8折起,可选1-20个IP,仅15元/月起,附8折优惠码使用!点击进入:青云互联官方网站地址青云互联优惠码:八折优惠码:ltY8sHMh (续费同价)青云互联活动方案:美国洛杉矶...
Webhosting24宣布自7月1日起开始对日本机房的VPS进行NVMe和流量大升级,几乎是翻倍了硬盘和流量,价格依旧不变。目前来看,日本VPS国内过去走的是NTT直连,服务器托管机房应该是CDN77*(也就是datapacket.com),加上高性能平台(AMD Ryzen 9 3900X+NVMe),还是有相当大的性价比的。此外在6月30日,又新增了洛杉矶机房,CPU为AMD Ryzen 9...
10gbiz发布了9月优惠方案,针对VPS、独立服务器、站群服务器、高防服务器等均提供了一系列优惠方面,其中香港/洛杉矶CN2 GIA线路VPS主机4折优惠继续,优惠后最低每月仅2.36美元起;日本/香港独立服务器提供特价款首月1.5折27.43美元起;站群/G口服务器首月半价,高防服务器永久8.5折等。这是一家成立于2020年的主机商,提供包括独立服务器租用和VPS主机等产品,数据中心包括美国洛...
lotus domino为你推荐
天府热线劲舞团 四川 天府热线 在哪改密码?选择大区怎么没天府?bbsxpdvbbs bbsxp LeadBBS 对比中国电信互联星空电信的互联星空服务是什么?9flashIE9flash模块异常。迅雷云点播账号求个迅雷VIP 是VIP就可以 只用来看云点播 改密码是孙子。 谢了 ! 362135668@qq.commate8价格华为mate8手机参数配置如何,多少元网页打开很慢为什么打开网页很慢srv记录exchange 2010 自动发现需不需要srv记录网站排名靠前怎么让自己的网站排名靠前263企业邮箱设置263企业邮箱如何设置白名单?
虚拟空间购买 论坛虚拟主机 windows虚机 浙江vps fastdomain 英语简历模板word evssl证书 hnyd 阿里云浏览器 lol台服官网 美国免费空间 息壤代理 google台湾 四川电信商城 独立主机 广州虚拟主机 wordpress中文主题 lamp是什么意思 lamp架构 国内空间 更多