How to run HCL Domino on a QNAP NAS
This article describes to run HCL Domino on a QNAP Network Attached Storage device.
Table of contents
- How to run HCL Domino on a QNAP NAS
- What else you need to know
Network attached storage devices (NAS) offer much more than just disk space these days, they are quite powerful servers overall. Certainly good enough to run HCL Domino.
Why QNAP ?
Simply because we had the device available and tried it. Other vendors like Synology should work as well. If time permits we will publish instructions for other platforms as well.
A QNAP Network Attached Storage device which meets the following criteria:
- x86 compatible CPU (avoid the ARM CPU’s like Marvel or AnnapurnaLabs - they will not work!)
- runs Container Station
- somewhat meets the official Domino system requirements for free disk space, memory and CPU resources available
and (optionally) a workstation to be used for building your container image.
While it is possible to run Domino on devices with 2GB of memory or even less, a production deployment should consider using:
- 8 GB of memory
- 2 CPU cores (preferably MultiThreaded)
- 4 Bays for a redundant HDD configuration e.g. RAID 5
- a Gigabit LAN connection
On high level, you need to:
- Install Container Station from the QNAP AppStore
- Prepare your Docker image, either by downloading a ready-built image or by building your own
- Upload the image to ContainerStation
- Create a persistent volume (or use an existing folder on your NAS)
- Run a container based on the image
Ok, here the instructions for newbies
1. Install ContainerStation
Login to your QNAP NAS Admin user interface using a web browser. In App Center, search for ContainerStation and click on install if it is not already installed.
2. Prepare the Domino Docker image
This step needs to be completed outside the QNAP NAS, e.g. on your workstation, etc.
There are two options to choose from:
a) just download the HCL Domino Docker image - no further actions required, you can continue to the next chapter
b) build your own image - e.g. an “all inclusive” image containing Domino, Verse, Nomad, …, and Leap
For option b) see instructions for cloning this repo and downloading the required installation files.
To build an image that contains Domino, Verse and Nomad all together, issue this command:
./build.sh domino +verse +nomad
On top of this Domino ‘base’ image above, you can now build an image which also contains HCL Domino Leap (aka Domino Volt). It must be built in two steps because Domino Leap requires a different license.
Export the image to a *.tar file Export the image that was built above into a *.tar file on your machine usage: docker image save -o YourTargetFilename.tar imagename:tag
docker image save -o ./domino1202-verse-nomad.tar hclcom/domino:12.0.2
or for the Leap image: docker image save -o ./domino1202-verse-nomad-leap.tar hclcom/leap:1.0.1
3. Upload the image to ContainerStation
Uploading the image to your NAS will transfer the image file over the network. This file is between 1.5GByte and 2GByte in size. To avoid excessive load times please prefer a wired network connection to your NAS.
Via the Browser
- Open ContainerStation on your QNAP NAS
- Click Import in the left side navigator
- Click Import in the top right corner to open the import image dialog
- Choose the location of the *.tar file
- Confirm the import Depending on your network bandwidth this process may take some time.
- validate the import was successful by clicking on “Images”, where you should now be able to see the image:
Via Command Line
- Copy the *.tar file exported above to a directory on your QNAP NAS
- SSH into the NAS using admin privileges. Note: SSH access needs to be enabled on your NAS first!
- Navigate to the directory into which you have uploaded the *.tar file
- Import the image using the following command
docker image load -i ./YourImageFilename.tar
- Validate the import was successful by typing - you should see the image name listed in the output
- Exit / close the SSH session
4. Create a persistent volume
Since we want any Domino Data to be persistent, meaning to survive a the container to be killed/replaced with a newer one, we need to define a docker volume.
The easiest method is to use a docker volume at the time of starting the container. However, this will not, or not easily, allow to access Domino data files over a network share. Skip to the next chapter if this is ok.
For easy access the Domino Data directory over your QNAP network file share/SMB, you first need to create a folder on your NAS and condition it for the docker runtime to get access.
- Create an empty directory on your NAS, e.g. using FileStation. All files in here will be persistent. Best Practice is to create a folder for each type of data, e.g. notesdata, translog, nif, ft, daos. Even if you don’t use them now, create (lowercase) subdirectories as shown:
|daos||Domino Attachments and Object Store (*.nlo)|
|notesdata||Main Domino Data directory (*.nsf, *.nsf)|
- Change the owner of the folder so that the docker runtime will have the required permissions - e.g. use an SSH session to do that. The container will run with userid 1000 which in most cases is an existing user on your NAS.
Example: (adjust to your data directory)
cd /DATA/Dockervolumes/Domino chown -R 1000:1000
The root of this folder (/Domino) will be mounted to /local inside the container in the next step.
5. Run a container with Domino
Finally let’s start a Domino container:
Within ContainerStation on your QNAP NAS, click on “Create” and search for “domino” (or ‘leap’ if you have used that image). It should find the image you uploaded earlier on ‘local’ - click “install” as shown:
Define a meaningful name for the container and change resource limits for CPU and memory as needed
Open Advanced Settings to change network settings. Define a hostname that will be used inside the container, at least port 1352 is exposed so that you can access this server from a client. If you don’t specify a host port, QNAP will randomly assign an available TCP port. Make sure to set a host port for all ports/services you want to access later on. e.g. SMTP, HTTP(s), Nomad, etc.
In Shared Folders either create a new Docker volume (which is the first) or as shown in this screenshot use the folder created in the previous step as your mount point. Use “/local” as your mount point inside the container.
- Review all settings
- Now really check all settings again
- Click “Create” to start the container with Domino running inside.
This will start an empty Domino server which still needs to be configured, use the remote server setup tool and connect to port 1352 to proceed.
Hint: Access to the OS layer inside the container is available using the Terminal action in ContainerStation
What else you need to know
Your Domino server is now up and running, but what are the specialities you need to know about?
- HCL support can not help with any QNAP related questions. For questions use the Github Issue Tracker
The best security is dependent on the weakest link. So…
- For QNAP admin account(s) using two factor authentication (TOTP) is a musthave.
- Disable any services not used, e.g. Multimedia
- Do not directly expose the NAS to the Web, only expose the ports you really need.
- Learn about Hardening QNAP Devices
- Enable updating the QNAP Firmware automatically - It will make your life so much easier.
- Understand the implications of The User ID 1000
- Back up your Domino server even if it is running as a container. DominoBackup is your friend.
When the container is using the IP address of the NAS, all applications, all containers, etc. will be sharing the same IP address. The Domino port 1352 can only be assigned to exactly one container. If more than one Domino server is running on your NAS, the container itself can still expose port 1352 but it will need to be mapped to another TCP port when running the container. ContainerStation will not allow to create a container with a port conflict.
How to migrate my existing server?
Instructions above are for a new/empty Domino server. If you have an existing server.id with existing Domino data that you want to move into this container, you need to perform the following:
- After completing the Step-by-step instructions above, shut down the container by using the stop button in ContainerStation
- Copy your existing Domino Data directory into the persistent volume created earlier. Hint: this is much easier when you have used a “volume from host” mount point that you can access as a file share.
- Make sure to update file/folder owner and permissions accordingly
- Check notes.ini and server document (by opening the names.nsf from the file share) for hardcoded path/file names from your previous server and update them. Especially check DAOS, FT and Translog folder settings.
- When moving from Windows to Linux, be warned, the file system is case sensitive!
- Update your DNS records as needed
- Start the Domino container again with the new configuration by clicking the start button in the list of containers in ContainerStation
The User ID 1000
By default a Docker container will internally run with the user id 1000, which in many cases is an existing user id. While there are methods to run the container with a different user id, this is not yet covered here.
The following list of QNAP devices have been reported to be working fine:
There may be many, MANY more - we just have not tested them all.
Some useful references
This guide has been written based on the QTS operating system of QNAP. While commands listed above and ContainerStation should work the same on QuTS Hero it has not been tested explicitly. Your milage may vary, we welcome your feedback.