Domino on QNAP NAS

How to run HCL Domino on a QNAP NAS

This article describes to run HCL Domino on a QNAP Network Attached Storage device.

Table of contents

How to run HCL Domino on a QNAP NAS
Instructions
What else you need to know

Background

Network attached storage devices (NAS) offer much more than just disk space these days, they are quite powerful servers overall. Certainly good enough to run HCL Domino.

Why QNAP ?

Simply because we had the device available and tried it. Other vendors like Synology should work as well. If time permits we will publish instructions for other platforms as well.

Requirements

A QNAP Network Attached Storage device which meets the following criteria:

x86 compatible CPU (avoid the ARM CPU’s like Marvel or AnnapurnaLabs - they will not work!)
runs Container Station
somewhat meets the official Domino system requirements for free disk space, memory and CPU resources available

and (optionally) a workstation to be used for building your container image.

Recommendations

While it is possible to run Domino on devices with 2GB of memory or even less, a production deployment should consider using:

8 GB of memory
2 CPU cores (preferably MultiThreaded)
4 Bays for a redundant HDD configuration e.g. RAID 5
a Gigabit LAN connection

Instructions

On high level, you need to:

Install Container Station from the QNAP AppStore
Prepare your Docker image, either by downloading a ready-built image or by building your own
Upload the image to ContainerStation
Create a persistent volume (or use an existing folder on your NAS)
Run a container based on the image

Step-by-Step

Ok, here the instructions for newbies

1. Install ContainerStation

Login to your QNAP NAS Admin user interface using a web browser. In App Center, search for ContainerStation and click on install if it is not already installed. QNAP App Center

2. Prepare the Domino Docker image

This step needs to be completed outside the QNAP NAS, e.g. on your workstation, etc.

There are two options to choose from:

a) just download the HCL Domino Docker image - no further actions required, you can continue to the next chapter

b) build your own image - e.g. an “all inclusive” image containing Domino, Verse, Nomad, …, and Leap

For option b) see instructions for cloning this repo and downloading the required installation files.

To build an image that contains Domino, Verse and Nomad all together, issue this command:

./build.sh domino +verse +nomad

On top of this Domino ‘base’ image above, you can now build an image which also contains HCL Domino Leap (aka Domino Volt). It must be built in two steps because Domino Leap requires a different license.

./build.sh leap

Export the image to a *.tar file Export the image that was built above into a *.tar file on your machine usage: docker image save -o YourTargetFilename.tar imagename:tag

docker image save -o ./domino1202-verse-nomad.tar hclcom/domino:12.0.2

or for the Leap image: docker image save -o ./domino1202-verse-nomad-leap.tar hclcom/leap:1.0.1

3. Upload the image to ContainerStation

Uploading the image to your NAS will transfer the image file over the network. This file is between 1.5GByte and 2GByte in size. To avoid excessive load times please prefer a wired network connection to your NAS.

Via the Browser

Open ContainerStation on your QNAP NAS
Click Import in the left side navigator
Click Import in the top right corner to open the import image dialog
Choose the location of the *.tar file
Confirm the import Depending on your network bandwidth this process may take some time.
validate the import was successful by clicking on “Images”, where you should now be able to see the image:

Via Command Line

Copy the *.tar file exported above to a directory on your QNAP NAS
SSH into the NAS using admin privileges. Note: SSH access needs to be enabled on your NAS first!
Navigate to the directory into which you have uploaded the *.tar file

Import the image using the following command

docker image load -i ./YourImageFilename.tar

Validate the import was successful by typing - you should see the image name listed in the output
```
docker images
```
Exit / close the SSH session

4. Create a persistent volume

Since we want any Domino Data to be persistent, meaning to survive a the container to be killed/replaced with a newer one, we need to define a docker volume.

The easiest method is to use a docker volume at the time of starting the container. However, this will not, or not easily, allow to access Domino data files over a network share. Skip to the next chapter if this is ok.

For easy access the Domino Data directory over your QNAP network file share/SMB, you first need to create a folder on your NAS and condition it for the docker runtime to get access.

Create an empty directory on your NAS, e.g. using FileStation. All files in here will be persistent. Best Practice is to create a folder for each type of data, e.g. notesdata, translog, nif, ft, daos. Even if you don’t use them now, create (lowercase) subdirectories as shown:

Directory	Description
daos	Domino Attachments and Object Store (*.nlo)
ft	FullText Indexes
nif	NIF/NSF directory
notesdata	Main Domino Data directory (.nsf, .nsf)
translog	Transaciton log

QNAP FileStation

Change the owner of the folder so that the docker runtime will have the required permissions - e.g. use an SSH session to do that. The container will run with userid 1000 which in most cases is an existing user on your NAS.

Example: (adjust to your data directory)

cd /DATA/Dockervolumes/Domino
chown -R 1000:1000 

The root of this folder (/Domino) will be mounted to /local inside the container in the next step.

5. Run a container with Domino

Finally let’s start a Domino container:

Within ContainerStation on your QNAP NAS, click on “Create” and search for “domino” (or ‘leap’ if you have used that image). It should find the image you uploaded earlier on ‘local’ - click “install” as shown:
Define a meaningful name for the container and change resource limits for CPU and memory as needed
Open Advanced Settings to change network settings. Define a hostname that will be used inside the container, at least port 1352 is exposed so that you can access this server from a client. If you don’t specify a host port, QNAP will randomly assign an available TCP port. Make sure to set a host port for all ports/services you want to access later on. e.g. SMTP, HTTP(s), Nomad, etc.
In Shared Folders either create a new Docker volume (which is the first) or as shown in this screenshot use the folder created in the previous step as your mount point. Use “/local” as your mount point inside the container.
Review all settings
Now really check all settings again
Click “Create” to start the container with Domino running inside.

This will start an empty Domino server which still needs to be configured, use the remote server setup tool and connect to port 1352 to proceed.

Hint: Access to the OS layer inside the container is available using the Terminal action in ContainerStation

What else you need to know

Your Domino server is now up and running, but what are the specialities you need to know about?

HCL support can not help with any QNAP related questions. For questions use the Github Issue Tracker

Security

The best security is dependent on the weakest link. So…

For QNAP admin account(s) using two factor authentication (TOTP) is a musthave.
Disable any services not used, e.g. Multimedia
Do not directly expose the NAS to the Web, only expose the ports you really need.
Learn about Hardening QNAP Devices
Enable updating the QNAP Firmware automatically - It will make your life so much easier.
Understand the implications of The User ID 1000
Back up your Domino server even if it is running as a container. DominoBackup is your friend.

Port mapping

When the container is using the IP address of the NAS, all applications, all containers, etc. will be sharing the same IP address. The Domino port 1352 can only be assigned to exactly one container. If more than one Domino server is running on your NAS, the container itself can still expose port 1352 but it will need to be mapped to another TCP port when running the container. ContainerStation will not allow to create a container with a port conflict.

How to migrate my existing server?

Instructions above are for a new/empty Domino server. If you have an existing server.id with existing Domino data that you want to move into this container, you need to perform the following:

After completing the Step-by-step instructions above, shut down the container by using the stop button in ContainerStation
Copy your existing Domino Data directory into the persistent volume created earlier. Hint: this is much easier when you have used a “volume from host” mount point that you can access as a file share.
Make sure to update file/folder owner and permissions accordingly
Check notes.ini and server document (by opening the names.nsf from the file share) for hardcoded path/file names from your previous server and update them. Especially check DAOS, FT and Translog folder settings.
When moving from Windows to Linux, be warned, the file system is case sensitive!
Update your DNS records as needed
Start the Domino container again with the new configuration by clicking the start button in the list of containers in ContainerStation

The User ID 1000

By default a Docker container will internally run with the user id 1000, which in many cases is an existing user id. While there are methods to run the container with a different user id, this is not yet covered here.

Compatibility

The following list of QNAP devices have been reported to be working fine:

TVS-682

There may be many, MANY more - we just have not tested them all.

References

Some useful references

Final Remarks

This guide has been written based on the QTS operating system of QNAP. While commands listed above and ContainerStation should work the same on QuTS Hero it has not been tested explicitly. Your milage may vary, we welcome your feedback.