Skip to content

Check connectivity

Once Domino REST API is up and running, check that communication works as expected. In this check, the following names are going to be used as examples:

  • Fully qualified domain name (FQDN): domino.acme.com
  • Domino server fully qualified name: CN=tango/OU=servers/O=ACME Inc
  • Domino server common name: tango

Replace these names with the ones matching your installation.

Note

Avoid localhost or any *.local domain names. They don't route.

Basic check - PING

Run the following commands on the command line on your server:

ping domino.acme.com
ping tango

Both commands need to succeed in reaching out to any or both 127.0.0.1 and ::1. If any of these doesn't work, amend your hosts file:

127.0.0.1     domino.acme.com
127.0.0.1     tango
::1           domino.acme.com
::1           tango

On Linux or macOS, edit /etc/hosts. On Windows, edit C:\Windows\System32\drivers\etc\hosts.

HTTP connectivity

http is going to be used in the following examples.

Note

If you have configured https, and you should, use that. Also, you might not need port 8880 when you opted for a proxy configuration. You can learn more about ports here.

Client access

On any machine that wants to use the Domino REST API, use the following command. It needs to succeed.

curl -v http://domino.acme.com:8880/api

Try the following commands, which MUST fail with "connection denied" by your firewall.

curl -v http://domino.acme.com:8880/metrics
curl -v http://domino.acme.com:8889/
curl -v http://domino.acme.com:8886/

If you get an HTTP 4xx status, it means the port is reachable, which is a security hole. Close it and talk to your firewall admins.

Privileged access

Allow access, by firewall rule or ssh tunnel, for the following ports:

  • Port 8889

    The management port allows access to the Management console, which enables creating certs for JWT, salting & encoding passwords, and reviewing the actual configuration. Allow access to trained administrators from a secure network only.

  • Port 8886

    The Healthcheck port is typically used in Kubernetes environments. Only the server running system management and monitoring should have access.

  • Port 8890

    Port allowing collection of metrics data in Prometheus format. Only the Prometheus server should have access. Used for dashboards with Grafana.

Next step

Proceed to Secure ports.