New Tiny Project: Wink Chattiness Patch  

By Jesse Gallagher | 9/19/23 3:38 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I've been using the Domino 14 betas for development for a while now, and one of the things that has driven me a little nuts is the way Wink spews a bunch of INFO-level logs to the server console when the XPages runtime initializes. You've probably seen it - this stuff: It goes on for a while like that. This isn't new with 14 as such - it's just that 14 now ships with Verse by default, and Verse uses the Wink distribution that came along with the Extension Library, and so now everyone sees this.

Dipping My Feet Into DKIM and DMARC  

By Jesse Gallagher | 4/11/23 3:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For a very long time now, I've had my mail set up in a grandfathered-in free Google Whatever-It's-Called-Now account, which, despite its creepiness, serves me well. It's readily supported by everything and it takes almost all of the mail-hosting hassle out of my hands. Not all of the hassle, though, and over the past couple weeks I decided that I should look into configuring DKIM and DMARC, first for my personal mail and (if it doesn't blow up) for my company mail. I had set up SPF a couple years back, and I figured it was high time to finish the rest. As with any admin-related post, keep in mind that I'm just tinkering with this stuff. I Am Not A Lawyer, and so forth.

Overdue PSA: Reverse-Proxy Headers in Domino 12.0.1FP1 and Newer  

By Jesse Gallagher | 1/25/23 11:19 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

Just over a year ago now, I wrote a blog post describing the sudden removal of my beloved HTTPEnableConnectorHeaders notes.ini parameter in the 12.0.1 release. However, during the administration-focused OpenNTF Repair Café today, I was reminded that I never modified that post or made a followup to detail the changes since then. I plan to remedy that here!

Tinkering with Mastodon, Keycloak, and Domino  

By Jesse Gallagher | 11/11/22 4:00 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Because of what I'll euphemistically call the current historical moment on Twitter, I (like a lot of people) decided to give another look at Mastodon. The normal way one would use it would be to sign up at mastodon.social and be on one's merry way, treating it just like a slightly-different Twitter. However, Mastodon is intentionally designed to be federated in a way similar to email, and the software is available on GitHub complete with scripts for Docker Compose, Vagrant, and so forth. So I went and did that, setting up my currently-barely-used account at @jesse@pub.frostillic.us. That on its own isn't particularly notable, nor are the specifics of how I set it up (it was a hodgepodge of a couple posts you can find by looking for "mastodon docker compose"). What I found neat for our purposes here was the way I could piggyback authentication onto stuff I had recently done with Keycloak. Keycloak, incidentally, was the topic of today's OpenNTF webinar, so, if you didn't see it, check back there for the replay when it's posted.

Rewriting The OpenNTF Site With Jakarta EE: Data Access  

By Jesse Gallagher | 6/22/22 3:08 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In my last post, I talked about how I make use of Jakarta REST to handle the REST services in the new OpenNTF site I'm working on. There'll be more to talk about on that front when I get to the UI and my use of MVC. For now, though, I'll dive a bit into how I'm accessing NSF data.

PSA: Reverse-Proxy Regression in Domino 12.0.1  

By Jesse Gallagher | 1/20/22 1:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For a good while now, I've been making use of the HTTPEnableConnectorHeaders notes.ini property in Domino to allow my reverse proxies to have Domino "see" the real remote system. Though this feature is coarse-grained and is best paired with some tempering, it's served me well when used on appropriately-configured servers. Unfortunately, HCL saw fit to remove this feature in 12.0.1, declaring it a security vulnerability. I don't think this made it into the release notes as such, but did eventually get patched into the "Components no longer included in this release" page for V12. Obviously, the true problem here is that it makes my blog entries retroactively less useful. However, a secondary issue is that it will damage your applications in two main ways if you were making use of these headers:

New Adventures in Administration: Docker Compose and One-Touch Setup  

By Jesse Gallagher | 12/4/21 1:42 PM | Infrastructure - Notes / Domino | Added by Martin Pradny

As I do from time to time, this weekend I dipped a bit into the more server-admin-focused side of Domino development. This time, I had set out to improve the deployment experience for one of my client's apps. This is the sprawling multi-NSF-plus-OSGi one, and I've long been blessed to not have to worry about actually deploying anything. However, I knew in the back of my head the whole time that it must be fairly time-consuming between installing Domino, getting all the Java code in place, deploying the DBs, and configuring all the documents that associate them.

CollabSphere 2021 Slides and Video  

By Jesse Gallagher | 10/22/21 12:44 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This year, I presented a session at CollabSphere that was essentially a whirlwind overview of the tools I use and have written to go with my large client project to do automated builds and CI/CD servers. Thanks to the Zoom-based nature of the conference, the video is already up and available:

A Simpler Load-Balancing Setup With HAProxy  

By Jesse Gallagher | 2/8/21 2:47 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

...where by "simpler" I mean relative to the setup I detailed six years ago. For a good long time now, I've had a reverse-proxy + load balancer setup that uses nginx for the main front end and HAProxy as an intermediary to do the actual load balancing. The reason I set it up this way was that I was constrained by two limitations: nginx's built-in load balancing didn't do sticky sessions like I needed, which would break server-side-state frameworks like XPages HAProxy didn't do HTTPS In the intervening half-decade, things have improved. I haven't checked on nginx's load balancing, but HAProxy sprouted splendid HTTPS capabilities. So, for the new servers I've been setting up, I decided to take a swing at it with HAProxy alone.

A Partially-Successful Venture Into Improving Reverse Proxies With Domino  

By Jesse Gallagher | 2/2/21 5:19 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I've long been an advocate for Domino's HTTPEnableConnectorHeaders notes.ini setting. That's the one that lets you pass some WebSphere-derived headers like $WSRA and (particularly-dangerously) $WSRU to Domino and have them fully override the normal values for the incoming host, user, and more. I'm still a big fan of it, but it always come with the irritating absolute requirement that Domino not be publicly-accessible, lest any schmoe come along and pretend to be any user on your server. That's fine and all, but sometimes it's useful to have Domino be accessible without the proxy, such as for troubleshooting. What I really want it selective enabling of this feature based on source IP. So I set out this weekend to try to implement this.

Notes From A Week in Administration-Land  

By Jesse Gallagher | 1/27/21 1:33 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This past week, I've been delving back into the world of Domino administration for a client and taking the opportunity to brush up on the niceties we've gotten in the past few releases. A few things struck me as I went along, so I'll list them here in no particular order.

Executing a Complicated OSGi+NSF+Surefire+NPM Build With Docker  

By Jesse Gallagher | 8/14/20 1:40 AM | Infrastructure - Notes / Domino | Added by Andi Kress

The other month, I got my feet wet with Docker after only conceptually following it for a long time. With that, I focused on getting a basic Jakarta EE app up and running with an active Notes runtime by way of the official Domino-on-Docker image provided by HCL.

Weekend Domino-Apps-in-Docker Experimentation  

By Jesse Gallagher | 6/29/20 5:05 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

For a couple of years now, first IBM and then HCL have worked on and adapted community work to get Domino running in Docker. I've observed this for a while, but haven't had a particular need: while it's nice and all to be able to spin up a Domino server in Docker, it's primarily an "admin" thing. I have my suite of development Domino servers in VMs, and they're chugging along fine.

Domino 11's Java Switch Fallout  

By Jesse Gallagher | 1/8/20 1:36 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

In Notes and Domino 11, HCL switched from using IBM's J9 Java distribution to using the OpenJ9 variant of AdoptOpenJDK. This is a lateral move technically - it's still Java 8 - and it's one presumably made in the short term to avoid licensing costs from IBM and in the long term to align better with AdoptOpenJDK.

Writing Domino JEE Apps Outside Domino  

By Jesse Gallagher | 11/9/19 10:59 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

In my last post, I mentioned that I decided to write the File Store app as a Jakarta EE application running in a web server alongside Domino, instead of as an app running on the server itself. In the comments, Fredrik Norling asked the natural question of whether it'd have been difficult to run this on the server.

Implementing Cluster Replication From Domino to Darwino  

By Jesse Gallagher | 3/19/19 9:30 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

Since its inception, Darwino has had two-way replication between it and Domino, and it's evolved over the years in fidelity and configurability. Recently, I was able to check an item off the to-do list that I've wanted for a while: "cluster-style" replication from Domino, where a document change immediately kicks off replication to Darwino.

XPages to Java EE, Part 3: Hello, World  

By Jesse Gallagher | 1/22/19 1:40 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

I expect that I'll have some more theory and explanation to get to in future posts, but I think it will be useful to run through a quick example project. Unlike with my XPages/OSGi examples, there won't be anything in this one that you wouldn't find in any old Java EE tutorial - indeed, I'll be piggybacking on some existing ones to speed things along.

XPages to Java EE, Part 2: Terminology  

By Jesse Gallagher | 1/18/19 12:36 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Much like with my earlier series, I think it'll be useful to take a minute to go over some of the terms that we'll need to know for dealing with Java EE, beyond just the many names of the platform. Additionally, I think it'll be useful to go over some of the things we specifically need to not know when it comes to non-OSGi development.

Letting Madness Take Hold: XPages Outside Domino  

By Jesse Gallagher | 1/8/19 7:35 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

Since I've been on a real Open Liberty kick lately, over the weekend I decided to go another step further and test something I'd been wondering for a while: whether it'd be possible to run the current form XPages outside of the Domino HTTP stack.

How Do You Solve a Problem Like XPages?  

By Jesse Gallagher | 11/2/18 12:57 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Fair warning: this is a meandering one and I'm basically a wet blanket the whole way through) Last week, HCL held the third of their Twitter-based developer Q&As, with this one focusing on XPages and Designer. The majority of the questions (including, admittedly, all of mine) were along the lines of either "can we get some improvements in the Java/XPages stack?" or "is XPages still supported?". The answer to the latter from HCL, as it would have to be, is that XPages is still alive and "fully supported".

AbstractCompiledPage, Missing Plugins, and MANIFEST.MF in FP10 and V10  

By Jesse Gallagher | 10/19/18 7:36 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Since 9.0.1 FP 10, and including V10 because it's largely identical for this purpose, I've encountered and seen others encountering a couple strange problems with compiling XPages projects. This is a perfect opporunity for me to spin a tale about the undergirding frameworks, but I'll start out with the immediate symptoms and their fixes.

Domino 10 for Developers  

By Jesse Gallagher | 10/9/18 11:18 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

So Domino 10 is upon us, marking the first time in a good while that Domino has had an honest-to-goodness version bump. More than anything, I think V10 is about that sort of mark. Its primary role in the world is to state "Domino isn't dead" - not exactly coming from a position of strength for the platform, but it's the critical message that HCL has to sell if they're going to be viewed as anything but coroners. Still, in addition to merely existing, V10 brings some changes that will help developers, particularly those - sadly - maintaining large legacy applications.

The State of Domino App Dev Post-Connect-2017  

By Jesse Gallagher | 2/24/17 10:07 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

I'm en route back from this year's IBM Connect in San Francisco, and this plane ride is giving me a good chance to chew over the implications for Domino developers. First off, I'll put my bias in this matter right up front: Darwino, which I've been working on and discussing quite a bit, is one of the three "chosen" vendors for app enhancement/modernization/what-have-you.

Release Weekend: ODA and Darwino  

By Jesse Gallagher | 8/2/16 7:25 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

This past weekend was a nice one for releases to a couple of the projects I work on: the OpenNTF Domino API and Darwino.

Change Bitterness and Accidents of History  

By Jesse Gallagher | 6/17/16 3:36 PM | Infrastructure - Notes / Domino | Added by John Oldenburger

It's pretty easy to see that change is in the air for Domino types. It's been taking a number of forms for a while now - the long delay since the release of 9.0.1 and associated aging of the tools and infrastructure have led to a series of forced adaptations for developers and administrators.

The Cleansing Flame of Null Analysis  

By Jesse Gallagher | 5/21/16 4:23 PM | Infrastructure - Notes / Domino | Added by John Oldenburger

Though most of my work lately has been on sprawling, platform-level stuff or other large existing codebases, part of it has involved a new small app. I decided to take this opportunity to dive more aggressively than previously into automated null analysis and other potential-bugs tools.

Darwino for Domino: Domino-side Configuration  

By Jesse Gallagher | 5/17/16 12:50 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

In my last post, I mentioned that a big part of the job of the Darwino-Domino replicator is converting the data one way or another to better suit the likely programming model Darwino-side or to clean up old data. The way this is done is via a configuration database on the Domino side (an XPages application).

An Overview of Darwino for Domino Types  

By Jesse Gallagher | 4/15/16 1:41 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

So, Darwino! I've mentioned it quite a few times on Twitter and, particularly, in person, but I think it's high time I write some proper blog posts about it. To start with, I'll cover what Darwino is. The short version is it's a Java-based development framework with a replicating document database.

Domino's Server-Side User Security  

By Jesse Gallagher | 11/1/15 8:43 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

The other day, Jesper Kiaer wrote an interesting two-part series of blog posts talking about the security implications of HTTPEnableConnectorHeaders, something I mention in my setup example. In it, he describes the ability to specify an arbitrary username as a security hole, which I don't agree with, but I see where he's coming from. It certainly has, shall we say, implications.

Seriously, Though: Reverse Proxies  

By Jesse Gallagher | 9/16/15 3:31 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

So, Domino administrators: what are your feelings about SSL lately? Do they include, perhaps, stress? It's "oh crap, my servers are broken" season again, and this time the culprit is a change in Apple's operating systems. Fortunately, in this case, the problem isn't as severe as an outright security vulnerability like POODLE and, better still, there is a definitive statement from IBM indicating that they are going to bring their security stack up to snuff almost in time.