WINDOWSlotus

lotus domino  时间:2021-02-20  阅读:()
EnablingHTTP/2onanIBMLotusDominoServerSetupGuideAlexElliottAGECOM2019https://www.
agecom.
com.
auCONTENTSIntroduction3Requirements.
3AboutHTTP/23AboutNGINX3Howthisworks.
4Step1–InstallNGINX.
5Step2–SettingupNGINXtorunasaWindowsService.
6Step3–UpdateWindowsHostsFile.
8Step4–AddanotherlocalIPAddress8Step5-CreatingSSLCertificateFiles9ExtractingcertificatesfromanexistingDominoKeyringFile.
9CreateanewSSLCertificate11Step6–TheNGINXConfigurationFile.
13Step7-KeyExchangeSecurity14Step8–EnableConnectorHeaders14Step9–Testing.
15Step10–UpdateForwardingonyourRouter16Step11–FirewallSettings16Step12-FinalSetup16Tips17Checkyourwebsite'sperformance17MultipleWebsites17Forcingallconnectionstobesecure17BringingyourDominoserverdownformaintenance.
18SuggestionsorComments.
19AboutAGECOM.
19INTRODUCTIONThisguidedescribeshowyoucanprovideHTTP/2connectivitytoyourLotusDominoserverusingNGINX-afreeopen-sourcehigh-performanceHTTPserverandreverseproxy.
WithHTTP/2connectivityavailabletoyourDominoserverwebpageswillloadmuchfaster.
ThestepscoveredinthisguidedescribehowtoinstallandconfigureNGINXandsetitupasaHTTP/2proxyforincomingconnections.
TheAGECOMwebsiteprovidesHTTP/2connectivityusingtheconfigurationdescribedinthisguide.
YoucanchecktheAGECOMwebsiteat:https://www.
agecom.
com.
auREQUIREMENTSTheinformationprovidedinthisguideisbasedonthefollowingsystemsettings:MicrosoftWindowsserver2008orlater.
LotusDomino9.
0.
1orlaterYoumayabletousetheinformationforguidancewithotherplatformsandversions.
ItisassumedyoualreadyhaveanactivewebsiterunningonyourDominoserver.
ABOUTHTTP/2HTTP/2improvesspeedmainlybycreatingoneconstantconnectionbetweenthebrowserandtheserver,asopposedtoaconnectioneverytimeapieceofinformationisneeded.
Thissignificantlyreducestheamountofdatabeingtransferred.
Plus,ittransfersdatainbinary,acomputer'snativelanguage,ratherthanintext.
OtherfeaturesofHTTP/2include"multiplexing"(sendingandreceivingmultiplemessagesatthesametime),theuseofprioritization(moreimportantdataistransferredfirst),compression(squeezinginformationintosmallerchunks)and"serverpush,"whereaservermakesaneducatedguessaboutwhatyournextrequestwillbeandsendsthatdataaheadoftime.
ABOUTNGINXNGINXisafreeopen-sourcehigh-performanceHTTPserverandreverseproxy,amailproxyserver,andagenericTCP/UDPproxyserver.
It'sknownforitshighperformance,stability,richfeatureset,simpleconfiguration,andlowresourceconsumption.
Manywebserversandapplicationserversuseasimplethreadedorprocess-basedarchitecturehoweverNGINXstandsoutwithasophisticatedevent-drivenarchitecturethatenablesittoscaletohundredsofthousandsofconcurrentconnectionsonmodernhardware.
Onceyou'vegotNGINXsetupitcanreceiveallincomingconnectionsandredirectthemtotheappropriateDominoserver/website.
YoucaninstallNGINXonyourDominoserveroranyotherserveronyournetwork.
MoreinformationregardingNGINXcanbefoundontheNGINXwebsiteat:http://nginx.
orgHOWTHISWORKSAfterfollowingthestepsoutlinedinthisguideyou'llhaveNGINXhandlingincomingconnectionsfromtheInternetanddirectingthemtotheappropriateserverbasedonthetargethostname.
Ifyou'vespecifiedtodisplayamaintenancepage(intheeventaserverisdownformaintenance)themaintenancepagewillbereturned.
ConnectionsfromtheInternetmaybehttp,https,orhttp/2.
NGINXisresponsibleforestablishingandmaintainingsecureconnections(SSL).
YoucanalsoconfigureNGINXtoforceallincomingconnectionstoestablishasecureconnection.
ConnectionsfromNGINXtoyourinternalserversareestablishedoverhttpsoonceyouhavethissetupinplaceyouwon'tneedtomaintainaDominokeyringfile.
RequestedcontentisreturnedfromyourserversbacktoNGINXanditinturnreturnsthatcontenttotherequestor.
Secureconnectivityisalwaysmaintainedifthat'showtheoriginalconnectionwasestablished.
Thefollowingdiagramshowstheconnectivityflowinbasicterms.
FeaturesofNGINX:ApplicationAccelerationContentCacheingSSLandSPDYTerminationBandwidthManagementContent-BasedRoutingRequestManipulationResponseRewritingAuthenticationStreamingMediaMonitoringConfigurationSTEP1–INSTALLNGINXTheNGINXWindowsbinaryfileshouldbedownloadedfromtheNGINXwebsiteat:http://nginx.
org/en/download.
htmlThemostrecentstableversionshouldbedownloaded.
It'srecommendedyoumakeanoteoftheversiondownloadedsoyoucanreferenceitlaterwhenyouneedtodeterminewhatversioniscurrentlyinstalled.
NGINXmaybeinstalledonyourDominoserveroranyotherWindowsserver.
Createafolderintherootdirectoryofyourservercalled'nginx'andextractallfilesfromthedownloadedzipfileinthefolder.
Thereshouldnowbeanexecutablefilecallednginx.
exeinthenginxfolderandseveralothersubfolders.
That'sprettymuchittoinstallingnginx.
Westill,however,needtodothefollowingwhichiscoveredinthisguide:SetupnginxtorunasaWindowsserviceSetuptheNGINXconfigurationfileSetupSSLSTEP2–SETTINGUPNGINXTORUNASAWINDOWSSERVICENGINXisnotanexecutablethatcanbeinstalledasaWindowsservice.
ToworkaroundthisaWindowsServiceWrapperisavailablewhichcanbeinstalledasaWindowsserviceandinturnwillcontroltheloadingandunloadingofNGINX.
ThewrappercanactuallybeusedtohostanyexecutableasaWindowsservice.
TheWindowsServiceWrapperisavailableonGithubat:https://github.
com/kohsuke/winswYoucangostraighttothedownloadspageat:https://github.
com/kohsuke/winsw/releasesDownloadthelatestWindowsserviceexecutableandsaveittotheNGINXfolder.
Atthetimethisguidewaswrittentherecommendedversiontodownloadistheonewrittenfor.
NET4(ie.
WinSW.
NET4.
exe).
Aftertheexecutablehasbeendownloadeditisrecommendedthatyourenameitto'nginx-winsw.
exe'tomakeitclearwhichparticularapplicationthewrapperservicewillberesponsibleforloadingandunloading.
Thewrapperservicerequiresconfigurationsettingstobeplacedinanxmlfilematchingthenameoftheexecutable.
Forthisanxmlfilecalled'nginx-winsw.
xml'shouldbecreatedinthesamefolderasthenginx-winsw.
exefile.
Thefollowingitemsdemonstratetheminimumsettingsrequiredtobeaddedtothexmlfile:nginxnginxnginxc:\nginx\nginx.
exec:\nginx\roll-pc:\nginxc:\nginx\nginx.
exe-sstopAsamplexmlfilefortheWindowsservicewrappercanbedownloadedfromtheAGECOMSupportNote.
AftertheWindowsservicewrapperhasbeendownloadedandthexmlconfigurationfilecreateditmustnowbeinstalledasaWindowsservice.
Toinstallnginx-winsw.
exeasaWindowsserviceopenacommandpromptasAdministratorandgotothenginxfolder.
Typeinthefollowingcommand:nginx-winsw.
exeinstallAnewWindowsservicecalled'nginx'willnowhavebeencreatedandsettostartautomaticallyonboot.
ItisrecommendedyougointoWindowsservicesandchangethistostartManuallyfornow.
EventuallythiswillbesettostartAutomatically(Delayed)onceeverythinghasbeenconfirmedasworkingcorrectly.
STEP3–UPDATEWINDOWSHOSTSFILEThehostnameofyourwebserverandthelocalIPaddressitisboundtoneedtobeaddedtotheWindowshostsfilethatNGINXisbeinginstalledon-normallyfoundintheC:\Windows\System32\Drivers\etcfolder.
Forexampleifyourhostnameiswww.
acme.
comanditisboundtothelocalipaddressof10.
0.
0.
25(theipaddressyourDominoserverhttptaskislisteningonforincomingconnections)thenyouwouldaddthefollowingentriestothehostsfile:10.
0.
0.
25acme.
com10.
0.
0.
25www.
acme.
comAfterupdatingthehostsfileyoushouldpingbothformsoftheabovehostnamesonyourservertoensuretheyresolvetotheexpectedlocalipaddressandyougetasuccessfulreplyback.
STEP4–ADDANOTHERLOCALIPADDRESSIfNGINXhasbeeninstalledonyourDominoservertheserverwillrequireaminimumof2localstaticipaddresses.
OneipaddresswillbeusedbyNGINXtoreceiveincomingconnections,andanotheripaddresswillbeusedbytheDominoserver.
NGINXreceivesincomingHTTPconnectionsononeoftheipaddressesandwillredirecttraffictotheipaddressusedbyDomino(eitheronthecurrentmachineoranothermachinewhereDominohasbeeninstalled).
YoushouldnowgointotheWindowsnetworksettingsandaddanotherstaticipaddressthatisnotbeingusedelsewhereonthenetwork.
Thefollowingimageshowsasecondaryipaddressof10.
0.
0.
30thathasbeenadded:Note:IfNGINXhasbeeninstalledonanotherserverwheretherearenootherapplicationsthatareusinganyofthehttpports(80,443)thenyoushouldbeabletouseasingleipaddressandwon'tneedtoaddasecondipaddress.
STEP5-CREATINGSSLCERTIFICATEFILESAsmostbrowsersonlysupportHTTP/2overSSLyouwillneedsetupSSLforyourwebsitedomain.
ThefollowingsectionsdescribehowtoextractyourkeysandcertificatesfromanexistingDominokeyringfileorcreateanewSSLcertificatefromscratch.
EXTRACTINGCERTIFICATESFROMANEXISTINGDOMINOKEYRINGFILEIfyouhaveanexistingDominoKeyringfilewhichcontainscertificatesthathavenotexpiredyoucanextractthemusingtheDominoKeyringTool(version1.
1orlater).
FormoreinformationaboutthistoolandtodownloaditpleaserefertothefollowinglinkonIBM'swebsite:http://www-01.
ibm.
com/support/docview.
wssuid=swg21966137Afterdownloadingthetoolcopythe32-bitversiontoyourLotusNotesprogramsfolder.
YouwillalsoneedtocopytheDominokeyringfile(kyr)andthepasswordstashfile(sth)toyourlocaldrive.
OpenacommandpromptandswitchtotheNotesprogramfolder.
Enterthefollowingcommandtoviewthepublicandprivatekeysinthefile:kyrtoolshowkeys-k[pathtokeyringfile]Note:Ifthefollowingerrormessageisdisplayedaftertypingintheabovecommandthenyouhavemostlikelycopiedthe64-bitversionofKyrTool.
Ensureyoucopythe32-bitversionofthetoolthentryagain.
Uponsuccessfulexecutionoftheabovecommandyouwillseeoutputsimilartothefollowing:Usingkeyringpath'[pathofyourkeyringfile]'Keylength:2048bits-----BEGINPUBLICKEY-----[Yourpublickey]-----ENDPUBLICKEY-----Keylength:2048bits-----BEGINRSAPRIVATEKEY-----[Yourprivatekey]-----ENDRSAPRIVATEKEY-----Theprivatekeyneedstobesavedtoafile.
Theeasiestwaytodothisistorepeatthelastcommandbutdirectoutputtoafile.
Enterthefollowingcommand:kyrtoolshowkeys-k[pathtokeyringfile]>private.
keyThewebsitedomaincertificate,andthecertificateissuer'sintermediateandrootcertificatesalsoneedtobeextractedandsavedtoanotherfile.
Enterthefollowingcommandtoextractthemtoafile:kyrtoolshowcerts-k[pathtokeyringfile]>bundle.
crtSincethefilewillcontainmultiplecertificateswerecommendnamingittosomethinglike'bundle.
crt'.
Youmightalsowanttoprefixwiththefilewithsomethingindicatingthecertificateissuersname(eg.
Godaddy-bundle.
crt,entrust-bundle.
crt,etc).
Theprivate.
keyfileshouldnowbeeditedtoremovecontentthatisnotrequired–leavingonlytheprivatekey.
Opentheprivate.
keyfileinatexteditor.
Allcontentbeforetheline'-----BEGINRSAPRIVATEKEY-----'shouldberemovedandanycontentaftertheline'-----ENDRSAPRIVATEKEY-----'shouldberemoved.
Thecontentsoftheprivatekeyshouldnowbeonly:-----BEGINRSAPRIVATEKEY-----[Yourprivatekey]-----ENDRSAPRIVATEKEY-----Saveandclosetheprivatekeyfile.
Thebundle.
crtfileshouldnowbeedited.
Everythingoutsideoftheblocksstartingwith'-----BEGINCERTIFICATE-----'andendingwith'-----ENDCERTIFICATE-----'shouldberemoved.
Thecontentsofthebundlefileshouldnowcontainonlythedomaincertificate,andissuer'sintermediate&rootcertificatesinthefollowingformat:-----BEGINCERTIFICATE-----[Yourcertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[IntermediateCertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[RootCertificate]-----ENDCERTIFICATE-----Saveandclosethebundlefile.
Whenyou'vefinishedextractingthekeysandeditingthefilestheyshouldnowbecopiedtothe'conf'folderunderthemainNGINXfolder.
CREATEANEWSSLCERTIFICATEIfyoudon'thaveanexistingDominoKeyringfileorneedtocreateanewSSLcertificateyouwillneedtogenerateacertificatesigningrequest(CSR)andobtainonefromacertificateauthority(CA).
ACSRconsistsmainlyofthepublickeyofakeypair(privateandpublic),andsomeadditionalinformation(suchasdomainname,location,etc).
Bothofthesecomponentsareinsertedintothecertificatewhenitissigned.
TheeasiestwaytogeneratetheseisusingOpenSSLwhichcanbedownloadedat;https://www.
openssl.
org/YoucandownloadanOpenSSLbinarydistributionwithInstallerfromthefollowingwebsite:https://slproweb.
com/products/Win32OpenSSL.
htmlYoushoulddownloadthelatest32-bitor64-bitversionandruntheinstaller.
UsingOpenSSLthefollowingexamplecommandwouldbeenteredatthecommandprompt(intheOpenSSLbinfolder)forgeneratingtheprivatekeyandCSRfilesfortheAcmedomain:opensslreq-new-newkeyrsa:2048-nodes-keyoutacme.
key-outacme.
csrNote:youshouldreplace'acme'intheabovecommandwithyourowndomainname.
Additionalinformationmayberequestedafterenteringtheabovecommandwhichyoushouldsupplysuchas:CountryCode(eg.
AU)State,Territory,orProvinceinfull(eg.
NewSouthWales)CityorLocality(eg.
Sydney)OrganizationName(eg.
AcmePtyLtd)OrganizationUnitName/Department(eg.
Marketing)CommonName/FullQualifiedDomainName(eg.
www.
acme.
com)EmailAddressChallengePasswordOptionalcompanynameNote:Ifyougetthefollowingerror:WARNING:can'topenconfigfile:/usr/local/ssl/openssl.
cnfthentypeinthefollowingcommand:setOPENSSL_CONF=[path-to-OpenSSL-install-dir]\bin\openssl.
cfg(example:setOPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.
cfg)thentrytheoriginalopensslcommandagain.
Thefollowingtwofilesshouldnowhavebeengenerated:acme.
key–thiscontainsyourprivatekeyandshouldbekeptsecure.
acme.
csr–thiscontainsthecertificatesigningrequestandwhatyouwillsubmittothecertificateissuer.
Thefilecontainingtheprivatekey(ie.
acme.
key)shouldbecopiedtothe'conf'folderunderthemainNGINXfolder.
TheCSRfileshouldnowbeusedtosubmityourcertificaterequesttoyourchosencertificateissuer.
Informationonsubmittingyourrequest,obtainingyourcertificateandintermediate/rootcertificatesshouldbeavailableontheissuer'swebsite.
Afteryourcertificatehasbeenissueditshouldbedownloadedandputintoafile.
Theissuer'srootcertificates(andanyintermediatecertificates)alsoneedtobeputintothesamefilesoit'srecommendedit'snamedsomethinglikedomain-bundle.
crt(eg.
acme-bundle.
crt).
TheorderofthecertificatesinthefileisimportantforSSLtowork.
Thefirstcertificateinthebundlefileshouldbethecertificateforyourdomain,thentheissuersintermediatecertificates,andtheissuer'srootcertificateappendedtoit.
Thebundlefileshouldbeformattedlikethefollowing:-----BEGINCERTIFICATE-----[Yourcertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[IntermediateCertificate]-----ENDCERTIFICATE----------BEGINCERTIFICATE-----[RootCertificate]-----ENDCERTIFICATE-----Thecertificatebundlefileshouldbecopiedtothe'conf'folderunderthemainNGINXfolderwhenyou'vefinishedaddingallcertificatestoit.
STEP6–THENGINXCONFIGURATIONFILETheNGINXconfigurationfilecontainsallthesettingsusedbyNGINX.
Thefileiscalled'nginx.
conf'andresidesinthe'conf'folderunderthemainNGINXfolder.
Itisbeyondthescopeofthisarticletodescribethesettingsinconfigurationfile.
Thereareplentyofresourcesontheinternetwhichcoverthesettingssuchas:NGINX-BeginnersGuideNGINX-ConfiguringHTTPSServersMartinFjordvald-NGINXConfigurationPrimerDigitalOcen-UnderstandingtheNGINXConfigurationFileStructureandConfigurationContextsThesampleconfigurationfileattachedtotheAGECOMSupportNoteisreadyforuseandcanbecopiedtothe'conf'folderunderthemainNGINXfolder.
Itshouldbenamed'nginx.
conf'.
Ifyouchoosetousethesamplefilethefollowingcustomizationswillberequired:TheIPaddressassignedforNGINXtolistenonforincomingconnections(Lines59,79)Thedomainnamesforyoursite(s)(Lines60,67,68,80,92)Thepath/filenameoftheprivatekeyfile(Line126)Thepath/filenameofthebundledcertsfile(Line123)Youwillalsonoticethesampleconfigurationfilereferstoafileinthehtmlfoldercalled'maintenance.
html'(alsoattachedtothesupportnote).
IfNGINXfindsthisfileitwilldisplaythecontentsofitinsteadofredirectingtoyourwebsite.
ThisisusefulifyouwanttobringyourDominoserverdownformaintenanceandprovideamessagebacktoincomingconnectionstoindicatemaintenanceisbeingperformed.
Itshouldbecopiedtothe'html'folderwhichisasubfolderofthemainNGINXfolder.
Wheneveryouwanttodisplaythemaintenancemessagesimplyrenamethefileto'maintenance.
html'andwhenit'snotrequiredrenameittosomethingelsesuchas'zz-maintenance.
html'.
Note:Themaintenance.
htmlfileshouldbecustomizedwithyourwebsiteandnameandemailaddress.
STEP7-KEYEXCHANGESECURITYThefirststepintheestablishmentofasecureconnectionistheexchangeoftheprivatekeysbetweenserverandclient.
Bydefault,NGINXusesa1028-bitDHE(EphemeralDiffie-Hellman)key,whichisrelativelyeasytodecrypt.
ToprovidemaximumsecurityitisrecommendedyoucreateyourownmoresecureDHEkey.
AgainusingOpenSSLopenacommandpromptandgototheOpenSSLbinfolder.
Enterthefollowingcommand:setRANDFILE=[path-to-OpenSSL-install-dir]\bin\.
rndExample:setRANDFILE=c:\OpenSSL-Win64\bin\.
rndNowenterthefollowingcommandtocreateaparametersfilewitha4096-bitkeylength:openssldhparam-outdhparam.
pem4096Thegenerationprocesswilltakeseveralminutes.
Note:ifyougetanerrormessage'Unabletowriterandomstate'whilethefileisbeinggeneratedmakesureyouenteredthe'setRANDFILE=….
'commandcorrectlyfirstthentryrunningtheopensslcommandagain.
IftheproblempersistsopenanewcommandpromptwithAdministratorprivilegesandtryrunningthecommandsagain.
Oncetheprocesshascompletedcopythedhparam.
pemfiletothe'conf'folderunderthemainNGINXfolder.
STEP8–ENABLECONNECTORHEADERSThefollowingsettingsshouldbeaddedtothenotes.
inifileusedbytheDominoserverifitdoesn'talreadyhaveit:HTTPEnableConnectorHeaders=1ThissettingenablestheDominoHTTPtasktoprocessspecialheadersthatareaddedtorequestsbyNGINX.
WhenNGINXpassestheHTTPrequeststoDominoitaddsheadersthatincludeinformationabouttheincomingconnectionsuchastheremoteIPaddress.
WithoutthisanyIPaddressrecordedforincomingHTTPconnectionswillbethatusedbyNGINXratherthantheactualremoteuser'saddress.
Informationaddedtotheheaderscanbeseeninthenginx.
conffileas'proxy_set_header'items.
STEP9–TESTINGNowthatallsetupandconfigurationstepshavebeenperformedyoushouldbeabletotesttheconnection.
GototheWindowsServicesontheDominoserverandensurethe'nginx'servicehasbeenstarted.
Ifnotthenstartit.
Iftheservicefailstostartsuccessfullycheckthe'error.
log'fileinthe'logs'folderunderthemainNGINXfolder.
Onthemachineyouaretestingfrom(whichshouldnotbethemachineNGINXoryourDominoserverisrunningon)thehostnameofyourwebsiteandtheipaddresswhichNGINXislisteningonshouldbeaddedtotheWindowshostsfile-normallyfoundintheC:\Windows\System32\Drivers\etcfolder.
ThiswillensurewhenyoutypeintheaddressofyourwebsiteinabrowserwindowtheconnectionwillbedirectedtoNGINX.
Forexampleifyourhostnameiswww.
acme.
comandthelocalipaddressNGINXislisteningonis10.
0.
0.
20thenyouwouldaddthefollowingentriestothehostsfile:10.
0.
0.
20acme.
com10.
0.
0.
20www.
acme.
comLaunchawebbrowserandtypeinyourwebsiteaddress(eg.
www.
acme.
com).
IfeverythinghasbeenconfiguredcorrectlytheconnectionwillbereceivedbyNGINXandthenforwardedtoyourDominoserver.
Thewebpageshouldbesuccessfullydisplayed.
NowtestthesecureSLLconnectionbyprecedingthewebsitenameinyourwebbrowserwith'https://'(eg.
https://www.
acme.
com).
IfSSLandNGINXhavebeenconfiguredcorrectlyanSSLconnectionwillbesuccessfullyestablishedbyNGINX,theconnectionforwardedtotheDominoserverandthewebsitedisplayedsecurely.
Tocheckifcontenthasbeenreturnusingthehttp/2protocolyoucancheckthenetworkingresponsesusingthebrowser'sdebugger.
InmostbrowserspressingtheF12keywillopenthedebuggingwindow.
Openthenetworkingtabinthedebuggingwindowthengotothewebsiteaddresslineinthebrowserandtypeinthehostnameofyoursiteprecededwith'https'.
ThefollowingimageshowsarequestforaresourceontheAGECOMwebsiteoverhttpsanditbeingreturnedbackusinghttp/2:STEP10–UPDATEFORWARDINGONYOURROUTERIfyourrouterhasbeenconfiguredtoforwardincomingtrafficonport80or443(orothercustomportsyouhavespecifiedforincominghttpconnections)youshouldupdatethetargetipaddresstothatassignedtoNGINX.
Thefollowingimageshowstypicalforwardingsettingsinarouter:Wecanseethatports1352(Notes/Domino)and25(SMTP)areforwardeddirectlytotheDominoserver'sIPaddressandports80(http)and443(https)areforwardedtotheipaddressassignedtoNGINX.
STEP11–FIREWALLSETTINGSIfWindowsFirewall,oranyotherfirewall,hasbeenenabledontheserveryoumayneedtoaddanentryfornginx.
Youshouldcheckthefirewallsettingsandifnecessaryaddanentryfornginx.
exetoallowincomingconnectionsfortheapplication.
STEP12-FINALSETUPNowthatyou'veconfirmedyoursiteiscorrectlyworkingwithNGINXyoushouldgototheWindowsservicesonthemachinethatNGINXwasinstalledonandsettheNGINXservicetoautomaticallystart.
WerecommendsettingittostartAutomaticallywithaDelayedStart:TIPSHere'salistoftipstogetthemostoutofusingNGINXinyourenvironment.
CHECKYOURWEBSITE'SPERFORMANCEYoucanchecktheperformanceofyourwebsiteandreceivetipsonhowtoimproveitbygoingtothefollowingsite:http://www.
webpagetest.
orgYouwillbeaskedtotypeintheaddressforyourwebsite.
Werecommendperformingtestsonyourwebsiteusingboththehttpandhttpsconnections.
Itwillgiverankingsforvariousaspectsofyourwebsitesandtipsonhowtoimproveit.
Thefollowingimageshowsanexampleofthevarioustestsandtherankingsthatweregiven:MULTIPLEWEBSITESIfyouarehostingmultiplesitesyoucaneasilyaddadditionalsitestotheNGINXconfigurationfile.
NGINXcanhandlealltheincomingconnectionsandredirectthemtotheappropriateserver.
You'llbeabletoprovideHTTP/2connectivityforallyourdomains.
FORCINGALLCONNECTIONSTOBESECUREToforceallconnectionstoyourwebsitetobesecurechangethefollowinglinesinthesamplenginxconfigurationfile(Lines74–76).
From:#Forwardtraffictoport80onthetargetserverorredirecttraffictohttpsproxy_passhttp://www.
acme.
com:80;#return301https://www.
acme.
com$request_uri;To:#Forwardtraffictoport80onthetargetserverorredirecttraffictohttps#proxy_passhttp://www.
acme.
com:80;return301https://www.
acme.
com$request_uri;Thiswillredirectincomingconnectionsoverport80toport443.
BRINGINGYOURDOMINOSERVERDOWNFORMAINTENANCEIfyouwishtobringyourDominoserverdownformaintenanceNGINXcanreturnapagebacktoincomingconnectionsindicatingthesiteisdownformaintenance.
Youshouldhavepreviouslydownloadedthe'sample-maintenance.
html'filefromtheAGECOMSupportNoteandsavedittothe'html'folderunderthemainnginxfolder.
Renamethesamplemaintenancefileto'maintenance.
html'.
NGINXwilldetecttheexistenceofthisfileandreturnthecontentsofit.
WhenyourDominoserverisbackonlinesimplyrenamethemaintenancefiletosomethinglike'zz-maintenance.
html'andNGINXwillautomaticallyresumedirectingtraffictoyourDominoserver.
Note:Themaintenance.
htmlfileshouldbecustomizedwithyourwebsiteandnameandemailaddressbeforeusingit.
SUGGESTIONSORCOMMENTSThankyouforreadingthisguide.
Ifyouhavesomesuggestionsforimprovingthecontentofthisguide,findanyerrors,orjustwanttodropusacommentpleaseContactUsandletusknow.
ABOUTAGECOMAGECOMhavebuiltareputationforsupplyingqualityproducts,supportandspecialistconsultingservicestotheIBMLotuscommunitygloballysince1995.
Ourapplicationsinclude:ImportforLotusNotesImportdatadirectlyfromthefollowingformatsinyourLotusNotesdatabases:CommaDelimited(CSV),MS-Access,MS-Excel,MS-Outlook,XML,Fileattachments,NotesStructuredText,andothercharacterdelimitedfiles.
Existingdocumentscanbeupdatedwithimportedcontent.
Importscanberunondemandorscheduled.
ExportforLotusNotesExportyourLotusNotesdocumentsandviewdatatomanydifferentfileformatsincluding:CommaDelimited(CSV),FixedWidth,HTML,IBMConnections,MicrosoftExcel,MicrosoftAccess,MicrosoftWord,PDF,TabDelimited,XMLandmore.
Exportscanberunondemandorscheduled.
AgentMonitorforLotusDominoCentrallymanage,monitor&reportonallagentsinalldatabasesonyourDominoservers(shared,private,scheduled).
Seewhenagentsarescheduled&bywho,viewagentlogs,missedschedules&agentswitherrors,changeagentsettings,enable/disableagentsandmore.
AmustforallDominoadministrators.
Wealsohaveotherapplications,utilitiesandsoftwarewhicharefreelyavailabletotheLotuscommunity.

DogYun(300元/月),韩国独立服务器,E5/SSD+NVMe

DogYun(中文名称狗云)新上了一批韩国自动化上架独立服务器,使用月减200元优惠码后仅需每月300元,双E5 CPU,SSD+NVMe高性能硬盘,支持安装Linux或者Windows操作系统,下单自动化上架。这是一家成立于2019年的国人主机商,提供VPS和独立服务器租用等产品,数据中心包括中国香港、美国洛杉矶、日本、韩国、德国、荷兰等。下面分享这款自动化上架韩国独立服务器的配置和优惠码信息。...

LOCVPS洛杉矶CN2线路KVM上线,洛杉矶/香港云地/香港邦联7折

LOCVPS发来了新的洛杉矶CN2线路主机上线通知,基于KVM架构,目前可与香港云地、香港邦联机房XEN架构主机一起适用7折优惠码,优惠后最低美国洛杉矶CN2线路KVM架构2GB内存套餐月付38.5元起。LOCPVS是一家成立较早的国人VPS服务商,目前提供洛杉矶MC、洛杉矶C3、和香港邦联、香港沙田电信、香港大埔、日本东京、日本大阪、新加坡、德国和荷兰等机房VPS主机,基于KVM或者XEN架构。...

Virtono:圣何塞VPS七五折月付2.2欧元起,免费双倍内存

Virtono是一家成立于2014年的国外VPS主机商,提供VPS和服务器租用等产品,商家支持PayPal、信用卡、支付宝等国内外付款方式,可选数据中心共7个:罗马尼亚2个,美国3个(圣何塞、达拉斯、迈阿密),英国和德国各1个。目前,商家针对美国圣何塞机房VPS提供75折优惠码,同时,下单后在LET回复订单号还能获得双倍内存的升级。下面以圣何塞为例,分享几款VPS主机配置信息。Cloud VPSC...

lotus domino为你推荐
优酷路由宝怎么赚钱优酷路由宝整的可以赚钱吗?可以赚多少?公章制作在WOLD里怎样制作公章qq怎么发邮件怎么发送QQ邮件xp系统停止服务XP停止服务后该怎么办?创维云电视功能什么是创维云电视啊?创维云电视是什么意思?srv记录SRV记录的简介去鼠标加速度怎样去除电脑鼠标加速?怎么在图片上写文字怎么才能在图片上写字呢南北互通从南方发往北方的产品一般是什么qq新闻弹窗如何关闭QQ新闻弹窗
域名备案只选云聚达 申请免费域名 唯品秀 国外php空间 北京双线机房 双十一秒杀 服务器合租 优酷黄金会员账号共享 www789 论坛主机 工信部网站备案查询 金主 美国迈阿密 登陆qq空间 腾讯服务器 apachetomcat zencart安装 wannacry勒索病毒 海尔t68驱动 主机配置 更多