Task:
Install the Domino 14 version of the REST API.
Note:
- Later versions of REST API have a regex version of the CORS. If not used, the Admin UI dev tools inspect will show a 403 on the login form submit, and a C CORS syntax error.
Steps:
1. Download from the HCL Downloads site.
Domino_REST_API_V1.1.5_R14_Installer.tar.gz
2. Prep for Installation:
a. Login to remote server:
$ ssh myadminid@dominosvr.mindwatering.net
b. Create working folder for the rest installer file:
$ mkdir ~/myadminid/rest
c. Transfer installer archive file to server (SCP or Filezilla)
d. Extract the readme and jar from the file:
$ tar xvf ./Domino_REST_API_V1.1.5_R14_Installer.tar.gz --no-same-owner --no-same-permissions
<wait>
$ ls -l
...
-rwxr-xr-x 1 root root 822 Aug 12 16:38 README.txt
-rwxr-xr-x 1 root root 119728710 Aug 19 18:34 restapiInstall-r14.jar
3. Install REST Update:
a. shutdown Domino
$ sudo systemctl stop domino.service
b. Install using the Domino java executable::
$ sudo su -
# cd /opt/hcl/domino/notes/latest/linux/jvm/bin/
# ./java -jar /home/myadminid/rest/restapiInstall-r14.jar -d="/local/notesdata" -i="/local/notesdata/notes.ini" -r="/opt/hcl/restapi" -p="/opt/hcl/domino/notes/latest/linux" -a
<wait - confirm output at end shows 0 status for no error>
c. Add export PATH and LD_LIBRARY_PATH under the existing export to the bottom of the /home/notes/.bashrc:
# vi /home/notes/.bashrc
..
export DOMINO_LINUX_SET_PARMS=1
export PATH=/local/notesdata:/opt/hcl/domino/notes/latest/linux:/opt/hcl/domino/notes/latest/linux/res/C:$PATH
export LD_LIBRARY_PATH=/opt/hcl/domino/notes/latest/linux:/opt/hcl/domino/notes/latest/linux/jvm/bin:/opt/hcl/domino/notes/latest/linux/jvm/bin/classic:$LD_LIBRARY_PATH
<esc>:wq (to save)
d. Verify restapi was added to the notes.ini:
# cat /local/notesdata/notes.ini
...
ServerTasks=replica,router,update,amgr,adminp,http,CertMgr,LDAP,mtc,event,stats,collect,restapi
...
e. Restart the domino service
# systemctl start domino.service
<wait and then verify>
# systemctl status domino.service
f. Open the REST API (usage port):
Note: The following opens to anywhere; you'll likely want a more strict configuration.
# ufw allow proto tcp to any port 8880 from 10.0.67.0/24
# ufw allow proto tcp to any port 8886 from 10.5.67.0/24
# ufw allow proto tcp to any port 8889 from 10.5.67.0/24
# ufw allow proto tcp to any port 8890 from 10.5.67.35/24
# ufw reload
Note:
Port: 8880 - Data port for REST API. Authentication uses the standard "web" username and password
Port: 8886 - Health-check, check with the /health endpoint.
Port: 8889 - Management information: Current configuration, runtime information, and Domino REST API shutdown and restart. Port should be limited to internal network. It has its own functional account for use on this port only.
Port: 8890 - Metrics in Prometheus format. Has its own functional account for use on this port only.
g. Enable SSL by reusing the main cert managed by the CertMgr:
Note: If you only have one domain, you may or may not need the TLSCertStoreName entry. It's included here, just in case. It also supports a JSON list if multiple names need to be supported.
# su notes -
$ cd /local/notesdata/keepconfig.d
$ vi /local/notesdata/keepconfig.dtls.json
{
"TLSCertStore" : true
"TLSCertStoreName" : ["dominosvr.mindwatering.net"]
}
<esc>:wq (to save)
h. Set maximum file size:
$ vi /local/notesdata/keepconfig.d/maxfilesize.json
{
"bodyHandler": {
"uploadsDirectory": "keep-file-uploads.d",
"bodyLimit": 128000000
}
}
<esc>:wq (to save)
i. Set HTTP CORS limits:
$ vi /local/notesdata/keepconfig.d/httpcors.json
{
"CORS": {
"^https?:\\/\\/localhost(?:\\:\\d+)?$": true,
"^https?:\\/\\/.*\\.local(?:\\:\\d+)?$": true,
"https:\\/\\/.*\\.mindwatering\\.net:8880$": true,
"https:\\/\\/.*\\.mindwatering\\.net:8889$": true
}
}
<esc>:wq (to save)
j. Set HTTP TLS limits:
$ vi /local/notesdata/keepconfig.d/httptls.json
{
"enabledProtocols": {
"TLSv1.3": true,
"TLSv1.2": true
}
}
<esc>:wq (to save)
k. Update the notes.ini and replace the line, KeepManagementURL=, and change to https with the corporate DNS name:
$ vi /local/notesdata/notes.ini
...
KeepManagementURL=https://dominosvr.mindwatering.net:8889
...
<esc>:wq (to save)
k. Reload/restart the RESTAPI service to pickup these config changes:
Domino Administrator client --> Open Server (dominosvr/MindwateringNET) --> Server (tab) --> Status (subtab) --> Server Console (left menu) --> Click Live (button) -->
Domino Command: tell restapi reload --> click Send
- or -
Domino Command: restart task restapi --> click Send
l. Logout:
# exit
$ exit
previous page
|