Browse By

Setup Reverse Proxy with Apache for Lotus Notes Webmail

OS: Linux Fedora Core 5 with Apache Installed
Lotus Notes 7

The Story:

Wow! It was a great experience for me when I researched around for articles on how to create a reverse proxy server with Apache and use it to secure Lotus Notes Webmail. Before deciding to use Apache I tried to use Microsoft ISA Server 2004 and its publish server rule, but I get pretty confused in the middle cause it’s not so customizable. I guess Microsoft created the publish server rule only for Microsoft Exchange Server OWA (Outlook Web Access).

Anyway, with Linux Fedora Core 5 and Apache you can do reverse proxying with a lot more options. So here is the documented steps on how I did it. Keep in mind that there could be some difference in your situation, but I hope I could help you with this post. So let’s start fellas…

The Steps:

1. Install Apache with complete module and load these module:

mod_proxy.so
mod_proxy_http.so
mod_headers.so

2. Install mod_proxy_html.so (download from http://apache.webthing.com/mod_proxy_html/mod_proxy_html.c):

#apxs -c -I/usr/include/libxml2 -i mod_proxy_html.c

if you encountered bash: apxs:command not found
, try #find / -name apxs

if you found the apxs, then it is caused by the apxs isn’t in your $PATH. Run the same command using the full path to the apxs. For example:

#/usr/local/apache/bin/apxs -c -I/usr/include/libxml2 -i mod_proxy_html.c

if you found no apxs, then you need to install httpd-devel first

in Fedora Core 5, you can find the httpd-devel RPM in disc 4, however the httpd-devel depend on apr-devel (disc 3) and apr-util-devel (disc 4), so you need to install both apr-devel and apr-util-devel before installing the httpd-devel

#rpm -Uvh package

3. Add the following line in httpd.conf:

LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so

*make sure the LoadFile line comes before mod_proxy_html LoadModule

4. Uncomment and edit the following lines like below:


ProxyRequests Off


Order deny,allow
Allow from all

It’s important to disable the ProxyRequests line or bad guys out there can use your proxy server to send spam emails or for other misuse acts.

5. Start the httpd service:

#service httpd start

6. If there is no error message, then you have configured your apache for reverse proxy properly. Now let’s add the direction of the reverse proxy.

7. From my research in the internet, I found that there two ways to create reverse proxy. One is to create the reverse proxy line right after the line on the step 4. The second way, which I preferred, is by integrating it inside the virtual host lines. I found the second way to be more flexible in the configuration.

Add the following lines in the virtual proxy lines (on the last lines of httpd.conf file):

ServerName mail.company.com
ProxyRequests off
SSLProxyEngine on
ProxyPass / https://10.10.10.8/
ProxyPassReverse / https://10.10.10.8/
ProxyPreserveHost On


SetOutputFilter proxy-html
ProxyHTMLURLMap / /
RequestHeader unset Accept-Encoding

I will explain briefly about the codes, but don’t blame me if I made a mistake with the explanation cause I’m also a newbie in the apache world. ;D

Specify your proxy server IP address and port to be contacted.

ServerName mail.company.com

Specify what is the header that the apache will process when it received such header.

ProxyRequests off

Just to make sure the issue in step 4 is not forgotten.

SSLProxyEngine on

This line is important if you are reverse proxying an https server.

ProxyPass / https://10.10.10.8/
ProxyPassReverse / https://10.10.10.8/

Honestly, I don’t really understand the difference, but the sources I found did these, so I think I better follow them. Basically the / after ProxyPass and ProxyPassReverse means where you specify what should follows after the header specified in the ServerName line. If you want it to be mail.company.com/email/, then the line would be like this:

ProxyPass /mail/ https://10.10.10.8/
ProxyPassReverse /mail/ https://10.10.10.8/

While the https://10.10.10.8 is the IP address of hostname of the server you are securing.

ProxyPreserveHost On

Now, this line means that the reverse proxy server will always forward the header name typed in the users browser. Without this line, the real IP or hostname of the server you are securing will be forwarded. Not a good news for us…


SetOutputFilter proxy-html
ProxyHTMLURLMap / /
RequestHeader unset Accept-Encoding

Now, don’t ask me what these lines mean. I really have no idea the exact way they work in the reverse proxy configuration. But make sure that the / after the location is the same with the / in the ProxyPass and ProxyPassReverse line. As I’ve said I don’t really understand what the lines after means, but if you don’t have them, the website you are reverse proxying will show no pictures.

8. What I found is so funny with the articles about reverse proxying of Lotus Notes Webmail is, none of them discuss anything about the Lotus Notes Webmail setting itself. When I started configuring the apache for reverse proxy, I almost gave up because whatever line I added seems gave no effect.

But after I started to work with the Lotus Notes Admin and learned how the Lotus Notes Webmail configuration actually work, then I could start to solve the problems.

From my test server, here are the settings that you should have in the Lotus Notes Webmail Server:

– Set the Redirection to Dynamic
– Set the sites header and make sure they have their correspond line in the ServerName of Apache httpd.conf
– Create multiple IP address on the Windows so the Lotus Notes Webmail Sites can use different IP address

Allright, with all of these set, you should be able to try accessing the Lotus Notes Webmail through your new Reverse Proxy Server. I hope this post can help you and I can give back what I have learned from these generous posts:

– Running a Reverse Proxy with Apache
– Apache Reverse Proxy – Waikato Linux Users Group
– Protecting OWA with Apache
– Other posts that I forgot their link address

Reading articles about reverse proxying OWA (Outlook Web Access) with Apache was also very very helpful for me. So you might want to check some of them too.

You can drop me questions and I will answer them the best I could. Allright, good luck guys!

10 thoughts on “Setup Reverse Proxy with Apache for Lotus Notes Webmail”

  1. Pingback: How to Setup Reversed Proxy to Domino Web Server
  2. Trackback: How to Setup Reversed Proxy to Domino Web Server
  3. 周瑜 says:

    RequestHeader unset Accept-Encoding tells Apache to strip Accept-Encoding in the HTTP Request Header. This prevents the Notes server from sending compressed encoding to Apache (because Apache tells Notes that it supports compression) and prevents it from rewriting the URL.

    Example of Encoding: GZIP, DEFLATE

  4. Docwyatt2001 says:

    I’ve set this up at my organisation – the question I have is what if you have multiple Domino servers depending on where the user is? How can you easily achieve this (including performance issues/caching, etc)? I’ve sort of got it working, but speed seems to be the biggest issue.

  5. djitz says:

    @Docwyatt2001,

    I’m really sorry I no longer work as administrator for a year already, however I will try to answer your questions.

    What if you have multiple Domino servers depending on where the user is?
    > We also had two servers back then that has different users. What I did was I created two VirtualHosts (step 7)

    How can you easily achieve this (including performance issues/caching, etc)?
    > I didn’t had a chance to do performance tests, but as far as I remember, the Fedora box works great and had no performance nor speed trouble.

  6. Euriel says:

    Hello there,

    Great Tutorial, but could you please help me. Could you please help how to compile apache
    to load the modules:

    mod_proxy.so
    mod_proxy_http.so
    mod_headers.so

    With the best !

  7. Euriel says:

    I forgot to ask what Operative System version & Apache Version did you use ?

    With the best

    1. djitz says:

      I use Linux Fedora 5 and the default Apache that comes with it.. (I forgot what was the Apache version)
      To load the modules just make sure they are uncommented in the httpd.conf file.
      I think only mod_proxy.so need to be installed as I mentioned in the steps I took, the other two already defaultly installed.

      Anyway, you can google for the manual on installing Apache modules, specifically the modules I mentioned.

      Sorry can’t help much because I’m not an Admin anymore for almost two years.. 😀

  8. chkpop says:

    can reverse proxy be used as POP3 for blackberry service

    1. djitz says:

      haven’t tried it… it’s possible though but not using Apache, because Apache is a web server..

  9. franky_joq says:

    Many thank’s for Djitz.com …… we can build new reverse proxy, now …….

Leave a Reply

Your email address will not be published. Required fields are marked *