A Simpler Load-Balancing Setup With HAProxy  

By Jesse Gallagher | 2/8/21 2:47 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

...where by "simpler" I mean relative to the setup I detailed six years ago. For a good long time now, I've had a reverse-proxy + load balancer setup that uses nginx for the main front end and HAProxy as an intermediary to do the actual load balancing. The reason I set it up this way was that I was constrained by two limitations: nginx's built-in load balancing didn't do sticky sessions like I needed, which would break server-side-state frameworks like XPages HAProxy didn't do HTTPS In the intervening half-decade, things have improved. I haven't checked on nginx's load balancing, but HAProxy sprouted splendid HTTPS capabilities. So, for the new servers I've been setting up, I decided to take a swing at it with HAProxy alone.

XPages: Dealing With "Cookie name X is a reserved token"  

By Jesse Gallagher | 2/3/21 2:04 PM | Development - Notes / Domino | Added by Andi Kress

The other day, John Dalsgaard asked a question in the XPages Slack Community to do with an exception that a client was seeing when going to any XPage...

A Partially-Successful Venture Into Improving Reverse Proxies With Domino  

By Jesse Gallagher | 2/2/21 5:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I've long been an advocate for Domino's HTTPEnableConnectorHeaders notes.ini setting. That's the one that lets you pass some WebSphere-derived headers like $WSRA and (particularly-dangerously) $WSRU to Domino and have them fully override the normal values for the incoming host, user, and more. I'm still a big fan of it, but it always come with the irritating absolute requirement that Domino not be publicly-accessible, lest any schmoe come along and pretend to be any user on your server. That's fine and all, but sometimes it's useful to have Domino be accessible without the proxy, such as for troubleshooting. What I really want it selective enabling of this feature based on source IP. So I set out this weekend to try to implement this.