jesse-gallagher
commented
3 years ago This is partially implemented by way of Undertow configured in the NSF and picking up on opted-in apps. Several important tasks remain:
[X] Add SSL support (attach keyrings in the NSF, or also possibly read from a kyr file) [X] Dynamic refresh when the config changes [X] Send $WS headers to Domino [X] Send X-Forwarded-* for others [X] Auto-apply proxy config in Liberty server.xml? This could be an "integration features" option [ ] Add to the RunJava build [ ] Switch to embedding the JAR inside the service bundle to avoid classpath contamination [ ] Add "redirect HTTP to HTTPS" support
DanieleVistalli
It could make sense to embrace the Liberty style of having one Liberty instance per application, and then put a proxy in front of all of the apps and Domino, dynamically configured based on names.nsf and the individual server.xml configurations.
The proxy servlet that I adapted in the repo already is okay, but I'm not terribly confident in it. It'd make more sense to find an existing standalone proxy server to use - I don't know if nginx would make sense here, but it'd certainly do the job.
Along with this, it would make sense to either always or optionally assign dynamic ports to the server.xml configs while writing them out to the filesystem.