Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Best Practice (Zimbra / Apache / other services)

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-14-2008, 04:55 AM
Active Member
  
Posts: 32
Default Best Practice (Zimbra / Apache / other services)
Hi there

my waf is constantly going down right now, as she can't access the webmail feature from work, which is obviously, as I redirect to tcp port 444 to get 443 free fro apache.

So, my weekend task is to fix this issue.

I've read a lot about using zimbra and apache (virtual hosts) on the same server and I know it's not the preffered way, but getting another root server just for zimbra is obviously not MY preffered way :-)

I do have an option for several IP Addresses for my root server and actually thought it might be a good idea to use a dedicated on for all zimbra related stuff.

So, my idea is:

- leave all standard mail services to listen on all IP Addresses (so that stuff in virtual servers on the "main" IP can access it right away (do I actually need this? Won't the use these features (phpmail, etc.) anyway through local system calls instead of IP?

- move the Zimbra Web Services to a dedicated IP, i.e. zimbraAdmin and the webmail interface

- keep working with all that virtual servers on the original IP.

I found a wiki entry which si based on 4.5, anyone here who got it working with v5.x?

Anyone any other ideas?

The main Problem is, that I really need to use deafult ports for the services, as I can't always touch firewalls (specially not the one in my wife's ompany)

Thanks a lot in advance

f0rd42
Reply With Quote
  #2 (permalink)  
Old 11-14-2008, 05:38 AM
Moderator
  
Posts: 7,928
Default
If you have free IPs and enough memory then why not virtualise your server ?
__________________
Reply With Quote
  #3 (permalink)  
Old 11-14-2008, 07:01 AM
Active Member
  
Posts: 32
Default
Good point, but unfortunately the server only has 2 GB

f0rd42
Reply With Quote
  #4 (permalink)  
Old 11-14-2008, 10:55 AM
Active Member
  
Posts: 32
Default
Ok, I tried to follow the available documentation which leads me to a totally unusabel system :-(

I basically followed this article:

- I did the postfix change
- I did the tomcat jetty changes according to this article
- I did the java changes in ldap according to the first article. Only Problem: I can't set zimbraLmtpSSLBindAddress, but I can set zimbraLmtpBindAddress (does it make any differences?)
- I changes the zmapache settings to liste to a specific iport instead of just the port
- I haven't touched clamd

my /opt/zimbra/jetty/etc/jetty.xml.in:

Code:
 <!-- =========================================================== -->
    <!-- Set connectors                                              -->
    <!-- =========================================================== -->

    <!-- user services connector, no SSL -->
    <!-- HTTPBEGIN -->
    <Call name="addConnector">
      <Arg>
          <New id="http" class="org.mortbay.jetty.nio.SelectChannelConnector">
            <Set name="port"><SystemProperty name="jetty.port" default="%%zimbraMailPort%%"/></Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="lowResourceMaxIdleTime">1000</Set>
            <Set name="Acceptors">2</Set>
            <Set name="confidentialPort">%%zimbraMailSSLPort%%</Set>
            <Set name="Host">78.47.207.81</Set>
          </New>
      </Arg>
    </Call>
<!-- HTTPEND -->
    
    <!-- user services connector, SSL -->
    <!-- HTTPSBEGIN
    <Call name="addConnector">
      <Arg>
        <New id="ssl" class="org.mortbay.jetty.security.SslSelectChannelConnector">
          <Set name="Port">%%zimbraMailSSLPort%%</Set>
          <Set name="Host">78.47.207.81</Set>
          <Set name="maxIdleTime">30000</Set> 
          <Set name="lowResourceMaxIdleTime">1000</Set>
          <Set name="Acceptors">2</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
          <Set name="password">@@mailboxd_keystore_password@@</Set>
          <Set name="ExcludeCipherSuites">
            <Array type="java.lang.String">
              %%zimbraSSLExcludeCipherSuites%%
            </Array>
          </Set>
        </New>
      </Arg>
    </Call>
HTTPSEND -->

 <!-- =============================================================== -->
    <!-- Admin services connector; requires SSL -->
    <!-- =============================================================== -->
    <Call name="addConnector">
      <Arg>
        <New id="admin" class="org.mortbay.jetty.security.SslSelectChannelConnector">
          <Set name="Port">7071</Set>
          <Set name="Host">78.47.207.81</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="lowResourceMaxIdleTime">1000</Set>
          <Set name="Acceptors">2</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
          <Set name="password">@@mailboxd_keystore_password@@</Set>
          <Set name="ExcludeCipherSuites">
            <Array type="java.lang.String">
              %%zimbraSSLExcludeCipherSuites%%
            </Array>
          </Set>
        </New>
      </Arg>
    </Call>


my zimbra.web.xml.in:

Code:
 <context-param>
           <param-name>zimbra.soap.url</param-name>
           <param-value>https:78.47.207.81/service/soap</param-value>
        </context-param>
my zimbraAdmin.web.xml.in:

Code:
<context-param>
           <param-name>zimbra.soap.url</param-name>
           <param-value>http://78.47.207.81/service/soap</param-value>
        </context-param>
zmprov gives me a:
Code:
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)
but zmprov -l works fine.

a zmprov -l gs marvin.dieball.net tells me:

Code:
[zimbra@marvin etc]$ zmprov -l gs marvin.dieball.net
# name marvin.dieball.net
cn: marvin.dieball.net
objectClass: zimbraServer
zimbraAdminPort: 7071
zimbraAdminURL: /zimbraAdmin
zimbraAttachmentsIndexedTextLimit: 1048576
zimbraBackupAutoGroupedInterval: 1d
zimbraBackupAutoGroupedNumGroups: 7
zimbraBackupAutoGroupedThrottled: FALSE
zimbraBackupMode: Standard
zimbraBackupReportEmailSubjectPrefix: ZCS Backup Report
zimbraBackupTarget: /opt/zimbra/backup
zimbraCalendarRecurrenceDailyMaxDays: 730
zimbraCalendarRecurrenceMaxInstances: 0
zimbraCalendarRecurrenceMonthlyMaxMonths: 360
zimbraCalendarRecurrenceOtherFrequencyMaxYears: 1
zimbraCalendarRecurrenceWeeklyMaxWeeks: 520
zimbraCalendarRecurrenceYearlyMaxYears: 100
zimbraClusterType: none
zimbraFileUploadMaxSize: 10485760
zimbraHsmAge: 30d
zimbraHttpNumThreads: 250
zimbraHttpSSLNumThreads: 50
zimbraId: 07423a1b-690d-49da-b49e-47d022940a00
zimbraImapBindAddress: 78.47.207.81
zimbraImapBindOnStartup: TRUE
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: TRUE
zimbraImapNumThreads: 200
zimbraImapProxyBindPort: 143
zimbraImapSSLBindAddress: 78.47.207.81
zimbraImapSSLBindOnStartup: TRUE
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraImapSSLServerEnabled: TRUE
zimbraImapSaslGssapiEnabled: FALSE
zimbraImapServerEnabled: TRUE
zimbraLmtpBindAddress: 78.47.207.81
zimbraLmtpBindOnStartup: FALSE
zimbraLmtpBindPort: 7025
zimbraLmtpNumThreads: 20
zimbraLmtpPermanentFailureWhenOverQuota: FALSE
zimbraLmtpServerEnabled: TRUE
zimbraLogToSyslog: FALSE
zimbraMailDiskStreamingThreshold: 1048576
zimbraMailMode: http
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailPurgeSleepInterval: 1m
zimbraMailReferMode: reverse-proxied
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraMailURL: /zimbra
zimbraMemcachedBindPort: 11211
zimbraMessageCacheSize: 1671168
zimbraMtaAntiSpamLockMethod: flock
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: marvin.dieball.net
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: https://marvin.dieball.net/service/soap/
zimbraMtaDnsLookupsEnabled: TRUE
zimbraMtaMyDestination: localhost
zimbraMtaMyNetworks: 127.0.0.0/8 213.239.215.67/32 78.47.207.80/28
zimbraMtaTlsAuthOnly: TRUE
zimbraNotebookFolderCacheSize: 1024
zimbraNotebookMaxCachedTemplatesPerFolder: 256
zimbraNotebookPageCacheSize: 10240
zimbraNotifyBindPort: 7035
zimbraNotifySSLBindPort: 7036
zimbraNotifySSLServerEnabled: TRUE
zimbraNotifyServerEnabled: TRUE
zimbraPop3BindAddress: 78.47.207.81
zimbraPop3BindOnStartup: TRUE
zimbraPop3BindPort: 7110
zimbraPop3CleartextLoginEnabled: TRUE
zimbraPop3NumThreads: 100
zimbraPop3ProxyBindPort: 110
zimbraPop3SSLBindAddress: 78.47.207.81
zimbraPop3SSLBindOnStartup: TRUE
zimbraPop3SSLBindPort: 7900
zimbraPop3SSLProxyBindPort: 900
zimbraPop3SSLServerEnabled: TRUE
zimbraPop3SaslGssapiEnabled: FALSE
zimbraPop3ServerEnabled: TRUE
zimbraRedoLogArchiveDir: redolog/archive
zimbraRedoLogDeleteOnRollover: TRUE
zimbraRedoLogEnabled: TRUE
zimbraRedoLogFsyncIntervalMS: 10
zimbraRedoLogLogPath: redolog/redo.log
zimbraRedoLogRolloverFileSizeKB: 102400
zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
zimbraRemoteManagementPort: 22
zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
zimbraRemoteManagementUser: zimbra
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyImapSaslGssapiEnabled: FALSE
zimbraReverseProxyImapStartTlsMode: only
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: both
zimbraReverseProxyPop3SaslGssapiEnabled: FALSE
zimbraReverseProxyPop3StartTlsMode: only
zimbraSSLCertificate: 
KEYKEYKEY
-----END CERTIFICATE-----
zimbraSSLPrivateKey: -----BEGIN RSA PRIVATE KEY-----
KEYKEYKEY
-----END RSA PRIVATE KEY-----
zimbraScheduledTaskNumThreads: 20
zimbraServiceEnabled: antivirus
zimbraServiceEnabled: antispam
zimbraServiceEnabled: logger
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: mta
zimbraServiceEnabled: stats
zimbraServiceEnabled: snmp
zimbraServiceEnabled: ldap
zimbraServiceEnabled: spell
zimbraServiceEnabled: imapproxy
zimbraServiceHostname: marvin.dieball.net
zimbraServiceInstalled: antivirus
zimbraServiceInstalled: antispam
zimbraServiceInstalled: logger
zimbraServiceInstalled: mailbox
zimbraServiceInstalled: mta
zimbraServiceInstalled: stats
zimbraServiceInstalled: imapproxy
zimbraServiceInstalled: snmp
zimbraServiceInstalled: ldap
zimbraServiceInstalled: spell
zimbraSmtpHostname: marvin.dieball.net
zimbraSmtpPort: 25
zimbraSmtpSendPartial: FALSE
zimbraSmtpTimeout: 60
zimbraSoapRequestMaxSize: 15360000
zimbraSpellCheckURL: http://marvin.dieball.net:7780/aspell.php
zimbraSshPublicKey: ssh-dss AKEYKEYKEY== marvin.dieball.net
zimbraTableMaintenanceGrowthFactor: 10
zimbraTableMaintenanceMaxRows: 1000000
zimbraTableMaintenanceMinRows: 10000
zimbraTableMaintenanceOperation: ANALYZE
zimbraVirusDefinitionsUpdateFrequency: 2h
zimbraXMPPEnabled: TRUE

IMAP(s) connections are not possible any more, Logging in via webmail to the mailbox gives me a zclient.IO Error.
Using the admin backend web interface works.


Any help would be highly appreciated

Thanks

Andre
Reply With Quote
  #5 (permalink)  
Old 11-14-2008, 11:07 AM
Active Member
  
Posts: 32
Default
while trying to reverse all changes I made in order to give it a fresh start, i've seen, that my zimbra.web.xml.in had missing // in the address

Possible that this was the sole problem?

f0rd42
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.