Domino 12 Beta 1 - HTTPS Review & Ratings  

By Daniel Nashed | 1/25/21 2:39 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Now that Domino V12 Beta1 is available, I took the opportunity to look into the current state of TLS and ciphers in Domino. Rating of the results You can see from the rating that we are at a very high score. Even without TLS 1.3 support, this already looks great! And looking into details you see, that you could switch to ECDSA keys already for most web servers. If are are interested in the details and want to test your own server -- even if not exposed to the internet .. continue reading and see the details from the commented results.

Domino V12 Let’s Enrypt DNS-01 Challenges delegating a sub-domain to Digital Ocean  

By Daniel Nashed | 1/25/21 1:23 AM | Infrastructure - Notes / Domino | Added by Martin Pradny

Domino V12 Beta 1 supports DNS-01 challenge validation for Let's Encrypt and other ACME providers. The beta ships with two providers available in DXL file ready to import. I took the configuration as a reference and implemented a Digital Ocean configuration.

Introducing Domino Container Script for Podman an Docker  

By Daniel Nashed | 1/18/21 1:30 AM | Development - Notes / Domino | Added by Andi Kress

This is a brand new script, which is the logical extension to the Nash!Com Domino Start script. A while ago I introduced Docker support for the start script inside the Domino container. It comes with an entry-point script we are also leveraging in out Domino Docker Github community script. This new script is intended to manage and run your Docker and Podman containers. It includes also a systemd script to run a Domino server on Podman in production using the new systemd options introduced in Podman 1.7+. Beside that it includes a simple framework to build and manage your own add-on images

Domino on Linux Start Script Sametime 11 support  

By Daniel Nashed | 1/18/21 1:29 AM | Development - Notes / Domino | Added by Andi Kress

Now that we have the Sametime Premium Meeting Server, there are more customers looking into Domino on Linux. In earlier days I had some issues getting the start script in combination with SLES working. So ST wasn't never on my support list.

Docker 20.10 and Docker Desktop 3.0 released  

By Daniel Nashed | 1/4/21 7:07 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I never said Docker is completely dead, even I see today better integration and more features in Podman. This new release of Docker CE is helping specially on CentOS 8 and you don't need to work-around compatibility issues with an older version of containerd shipped with CentOS 8. At the same time Docker updated Docker desktop to a new major version -- which also includes Docker version 20.10.

Domino on Podman in production  

By Daniel Nashed | 12/28/20 2:39 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This week and I am migrating my Domino server to a new provider updating to CentOS 8. Because I am working a lot with Domino in the Docker/Podman/Kubernetes space, I am looking into it also for my own server. The big benefit is that I can apply my private "NashCom" image derived from the standard image to all servers needed without installation. And switching versions is means just a restart. My own image will be based on the Docker Project version and use the add-on functionality to build your own image on top of it. In my case to add all my tools starting with the "nsh.." prefix.. And also the Domino V12 DSAPI filter for Let's Encrypt/ACME integration.

Sametime Meetings Premium internally without Google STUN servers  

By Daniel Nashed | 12/28/20 2:38 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

We ran into this today. A customer is using ST Meetings Premium in their intranet and have no connection outside. This isn't only a challenge for software installation and updates, but also causes issues with ST meetings if the Google STUN servers cannot be reached. Side note: The update from Pre-Release to Premium by the way just took 1 hour for the meeting server, community server and proxy server all togehter! A STUN server is actually a TURN server, taking care that server and client can talk to each other if a NAT environment is involved. This can hit you even in an intranet depending on the network segmentation with IPv4 addressing. In case NAT is involved you would need an internal TURN server. If no NAT is involved you still have to disable the Google STUN servers.