The IBM HTTP Server 8.5 is included with Domino 9 and you can use it as your HTTP server instead of the Domino HTTP server if you wish.
This post describes the steps required to get it running.
There are two questions to ask.
1. Why would you want to use it?
Why? TLS. What’s TLS you say? It is the new and improved SSL.
Domino does not support TLS but the IBM HTTP Server (which is based on Apache) does. So if you want to get an A on your SSL Test Here, you gotta’ step up to TLS and that means the IBM HTTP Server.
Good news. The Domino documentation is perfect on this topic. Just follow the steps and you’re in.
First, install the IBM HTTP Server during your Domino 9 install. You have to customize your install and select the IBM HTTP Server option.
Second, you need to update the notes.ini file on that server and tell it to use the IBM HTTP server.
Finally you need to edit the domino.conf file located in your Domino/ihs/conf folder to tell the IBM HTTP server to listen on port 80.
Now start your Domino server. You should see this:
In your Server Tasks you will also notice that your Domino HTTP tasks is now only listening for requests on port 9288. This is because the IBM HTTP Server has now taken over ports 80 and will forward requests it receives on that port back to the Domino server on port 9288. Domino will do what it needs to do and send a response back out through port 9288 and the IBM HTTP server will then forward that response back out to the requesting client on port 80.
That entire process is known as a Reverse Proxy (which in and of itself is a small additional layer of security for your server and can provide other beneficial functionality). For Domino 9 this reverse proxy, according to the documentation, will only allow requests to be passed through to the local server and will only run on Windows.
There you go. You are now using the IBM HTTP server as a reverse proxy “in front of” your Domino HTTP task. Try it out. Access one of your cool XPage applications on your server.
“Yeah, Russ? Where exactly did you turn on the TLS?”
That’s for next time.