Thread: [SOLVED] Zimbra redirects https to http when proxying
View Single Post
  #2 (permalink)  
Old 07-13-2009, 05:48 PM
tasis tasis is offline
Junior Member
  
Posts: 7
Default
Quote:
Originally Posted by Kallisti View Post
Hi guys!

I'm having problems proxying Zimbra. I have tried both with Apache and with nginx and with both I get the same problem. I want Zimbra to run only over SSL and I've set up a special domain z.domain.tld. When I go to https://z.domain.tld I want to get Zimbra and when going to http://z.domain.tld, https://*.domain.tld, http://*.domain.tld I want something else (i.e. Apache). It works as far as Zimbra login. After I have logged in Zimbra redirects me to http://z.domain.tld! If I again enter https://z.domain.tld I get logged in an can continue over SSL until I log out, which again redirects me to http.

I have tried this with both apache and nginx, different zmtlsctl settings, making Zimbra listen on https (9443) internally and http (9080), reconfiguring and reinstalling, but still the same problem. I can't really understand it and why Zimbra has to care about the domain-part after login and logout...

Anyone have any ideas on the reason for my problems? Or, if you would try to configure Zimbra to get the setup I outlined how would you do it, starting from scratch? I have reinstalled Zimbra so many times now, it's no problem to do it again!

Thanks!
/K
Hi, I ran exactly into the same problem that you mentioned. I wanted my reverse web proxy (pound) in my DMZ to take care of all the HTTPS SSL stuff and to communicate via simple HTTP to the actual Zimbra server in my LAN.

However, as you say this completely breaks down after logins and logouts as Zimbra hardcodes the url to http://...

I did not attempt to solve the problem but to eliminate it: I installed nginx side-by-side with pound on the reverse web proxy.

nginx listens on port 80 and just does a basic rewrite http:// -> https://
pound listens on port 443 and does its normal stuff (SSL negotiation and then forwards the request to port 80 of the internal zimbra server)

This works like a charm! Even when the internal zimbra server sends back an http:// url, nginx picks it up and rewrites it, and hands it over to pound as https:// as if it was originally sent like this from the browser.

I hope I have helped...

Tasis
Reply With Quote