Zimbra 5.0 RC1 http jetty binding to IP on Server to multiple IPs

[Developer]

Many thanks, here you go:

jetty.xml.in
-----------
<!-- ================================================== ========= -->
<!-- Set connectors -->
<!-- ================================================== ========= -->

<!-- user services connector, no SSL -->
<!-- HTTPBEGIN
<Call name="addConnector">
<Arg>
<New id="http" class="org.mortbay.jetty.nio.SelectChannelConnecto r">
<Set name="port"><SystemProperty name="jetty.port" default="%%zimbraMailPort%%"/></Set>
<Set name="maxIdleTime">30000</Set>
<Set name="lowResourceMaxIdleTime">1000</Set>
<Set name="Acceptors">2</Set>
<Set name="confidentialPort">%%zimbraMailSSLPort%%</Set>
<Set name="Host">85.17.7.237</Set>
</New>
</Arg>
</Call>
HTTPEND -->

<!-- user services connector, SSL -->
<!-- HTTPSBEGIN -->
<Call name="addConnector">
<Arg>
<New id="ssl" class="org.mortbay.jetty.security.SslSelectChannel Connector">
<Set name="Port">%%zimbraMailSSLPort%%</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="lowResourceMaxIdleTime">1000</Set>
<Set name="Acceptors">2</Set>
<Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
<Set name="password">@@mailboxd_keystore_password@@</Set>
<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<Set name="Host">85.17.7.237</Set>
</New>
</Arg>
</Call>
<!-- HTTPSEND -->

<!-- ================================================== ============= -->
<!-- Admin services connector; requires SSL -->
<!-- ================================================== ============= -->
<Call name="addConnector">
<Arg>
<New id="admin" class="org.mortbay.jetty.security.SslSelectChannel Connector">
<Set name="Port">7071</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="lowResourceMaxIdleTime">1000</Set>
<Set name="Acceptors">2</Set>
<Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
<Set name="password">@@mailboxd_keystore_password@@</Set>
<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<Set name="Host">85.17.7.237</Set>
</New>
</Arg>
</Call>

---------------------------------------------------------------------
zimbra.web.xml.in and zimbraAdmin.web.xml.in
---------------------------------------------------------------------
<context-param>
<param-name>zimbra.soap.url</param-name>
<param-value>http://85.17.7.237/service/soap</param-value>
</context-param>

May be i should mention that web access is set to only https.

tnx,
Dirk

[bonadio]

Yes running in https mode is the problem, I am running in mixed mode.

but if you change the URL to https it will work in https mode, so change

<context-param>
<param-name>zimbra.soap.url</param-name>
<param-value>http://85.17.7.237/service/soap</param-value>
</context-param>

TO

<context-param>
<param-name>zimbra.soap.url</param-name>
<param-value>https://85.17.7.237/service/soap</param-value>
</context-param>

And it should work.

[]s

[Developer]

Great! It works

I should have thought of that myself..

But still i didn't achieve my goal: running 2 SSL-servers on 1 box on different IP's. When i start my other (Apache2) server it still complains that there is already a SSL-server running.

I don't get that: it's on a different IP than Apache's; or is it impossible to run 2 SSL-servers on 1 box?

Many thanks for your help, 1 appreciate it.

Dirk

[bonadio]

You are welcome,

You should be able to run 2 apaches in the same box with 443,
but they need to be bound to different IPs.

Log file is your friend.

good luck

[]s

[jtorreke]

Hi,

I installed the open source edition 5.0.6. I followed 2 forum threads I found here to get zimbra to bind to 1 IP (my box has 5). Everything works (or seems to work), but there is something I just cannot get to work.

zimbra@midgard:~$ zmprov modifyServer zimbra.xxxxxxxx.be zimbraMtaMyNetworks '127.0.0.0/8 87.237.xx.xx/32'
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)

If I don't do this, I cannot send email from the webinterface. But how can I get the zm-commands to use the server IP instead of localhost here? Or where can I start my search in order to solve this? I adjusted jetty.xml.in and the zimbra.web.xml.in en zimbraAdmin.web.xml.in files according to the information found in this thread.

Thanks!

[jtorreke]

Hi,

I have found what I am searching for, so I will post it for the people who will ever encounter this too.

zmprov -s zimbra.xxx.be modifyServer zimbra.xxxe.be zimbraMtaMyNetworks '127.0.0.0/8 87.237.xx.xx/32'

Just add the -s option to specify to where the tool should do it's webservice posts

Thanks!

[bobby]

or configure zmprov to use the zmhostname (which resolves to the appropriate ip address):
$ zmlocalconfig -e zimbra_zmprov_default_soap_server=zimbra.domain.be

btw we are working to handle the general issue reported in this thread:
Bug 6111 - allow user to specify interface to bind to, instead of taking them all