LinkBack URL
About LinkBacks
Upgraded from 5.02 to 5.07, mod_proxy now misbehaving
As with many users running Zimbra, our installation is in an environment in which apache is installed and serving other applications. I have set zimbrahttp to 8080 and https to 8443 and have been using mod_proxy to terminate the ssl connection and passing the traffic on to zimbra. All did work well, after the upgrade to 5.07, the ssl login page is presented, but an http page is returned after login. I do not want any clear text communication, thus no http over the net. If I append a s the http: the client loads and all subsequent returned urls are not rewritten to http. Maybe I did something on the original zimbra install that I don't remember with zimbra the first time, but
TIA for any help, Bob
I don't what it could be. Below is the mod_proxy config:
<VirtualHost 192.10.200.165:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/mail"
ServerName my.domain.net:443
Redirect / https://my.domain.net/zimbra/
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_mail_error_log
TransferLog logs/ssl_mail_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/mail.domain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mail.domain.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<IfModule mod_proxy.c>
RequestHeader set Front-End-Https On
ProxyRequests On
ProxyPreserveHost On
ProxyVia full
<Location "/service">
# Modify to your setup, but do NOT skip these lines --
# you MUST configure access controls securely!
Order deny,allow
Allow from 127.0.0.1
Allow from all
# Replace this URL with the host/port that the
# Zimbra user web interface is using
ProxyPass http://my.domain.net:8080/service
ProxyPassReverse http://my.domain.net:8080/service
</Location>
<Location "/zimbra">
# Modify to your setup, but do NOT skip these lines --
# you MUST configure access controls securely!
Order deny,allow
Allow from 127.0.0.1
Allow from all
# Replace this URL with the host/port that the
# Zimbra user web interface is using
ProxyPass http://my.domain.net:8080/zimbra
ProxyPassReverse http://my.domain.net:8080/zimbra
</Location>
# Only include this section to enable access to
# the Zimbra administrative web interface
<Location "/zimbraAdmin">
# Modify to your setup, but do NOT skip these lines --
# you MUST configure access controls securely!
Order deny,allow
Allow from 127.0.0.1
Allow from all
# Replace this URL with the host/port that the
# Zimbra administrative web interface is using
ProxyPass https://my.domain.net:7071/zimbraAdmin
ProxyPassReverse https://my.domain.net:7071/zimbraAdmin
</Location>
<Location "/zimbra/h/changepass">
# Modify to your setup, but do NOT skip these lines --
# you MUST configure access controls securely!
Order deny,allow
Allow from 127.0.0.1
Allow from all
# Replace this URL with the host/port that the
# Zimbra user web interface is using
ProxyPass http://my.domain.net:8080/zimbra/h/changepass
ProxyPassReverse http://my.domain.net:8080/zimbra/h/changepass
</Location>
</IfModule>
</VirtualHost>
