Thread: Best Practice (Zimbra / Apache / other services)

  1. #1
    f0rd42

    Hi there

    My WAF is constantly going down right now, as she can't access the webmail feature from work, which is obvious, as I redirect to TCP port 444 to get 443 free for Apache.

    So, my weekend task is to fix this issue.

    I've read a lot about using Zimbra and Apache (virtual hosts) on the same server and I know it's not the preferred way, but getting another root server just for Zimbra is obviously not MY preferred way :-)

    I do have an option for several IP addresses for my root server and actually thought it might be a good idea to use a dedicated one for all Zimbra-related stuff.

    So, my idea is:

    - leave all standard mail services to listen on all IP addresses (so that stuff in virtual servers on the "main" IP can access it right away (do I actually need this? Won't they use these features (phpmail, etc.) anyway through local system calls instead of IP?))

    - move the Zimbra Web Services to a dedicated IP, i.e. zimbraAdmin and the webmail interface

    - keep working with all that virtual servers on the original IP.

    I found a wiki entry which is based on 4.5, anyone here who got it working with v5.x?

    Anyone any other ideas?

    The main problem is that I really need to use default ports for the services, as I can't always touch firewalls (especially not the one in my wife's company).

    Thanks a lot in advance

    f0rd42

  2. #2
    uxbod

    If you have free IPs and enough memory then why not virtualise your server ?

  3. #3
    f0rd42

    Good point, but unfortunately the server only has 2 GB

    f0rd42

  4. #4
    f0rd42

    Ok, I tried to follow the available documentation, which led me to a totally unusable system :-(

    I basically followed this article:

    - I did the postfix change
    - I did the tomcat jetty changes according to this article
    - I did the java changes in ldap according to the first article. Only problem: I can't set zimbraLmtpSSLBindAddress, but I can set zimbraLmtpBindAddress (does it make any difference?)
    - I changed the zmapache settings to listen to a specific IP:port instead of just the port
    - I haven't touched clamd

    my /opt/zimbra/jetty/etc/jetty.xml.in:

    Code:
        <!-- =========================================================== -->
        <!-- Set connectors                                              -->
        <!-- =========================================================== -->
    
        <!-- user services connector, no SSL -->
        <!-- HTTPBEGIN -->
        <Call name="addConnector">
          <Arg>
              <New id="http" class="org.mortbay.jetty.nio.SelectChannelConnector">
                <Set name="port"><SystemProperty name="jetty.port" default="%%zimbraMailPort%%"/></Set>
                <Set name="maxIdleTime">30000</Set>
                <Set name="lowResourceMaxIdleTime">1000</Set>
                <Set name="Acceptors">2</Set>
                <Set name="confidentialPort">%%zimbraMailSSLPort%%</Set>
                <Set name="Host">78.47.207.81</Set>
              </New>
          </Arg>
        </Call>
        <!-- HTTPEND -->
        
        <!-- user services connector, SSL -->
        <!-- HTTPSBEGIN
        <Call name="addConnector">
          <Arg>
            <New id="ssl" class="org.mortbay.jetty.security.SslSelectChannelConnector">
              <Set name="Port">%%zimbraMailSSLPort%%</Set>
              <Set name="Host">78.47.207.81</Set>
              <Set name="maxIdleTime">30000</Set> 
              <Set name="lowResourceMaxIdleTime">1000</Set>
              <Set name="Acceptors">2</Set>
              <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
              <Set name="password">@@mailboxd_keystore_password@@</Set>
              <Set name="ExcludeCipherSuites">
                <Array type="java.lang.String">
                  %%zimbraSSLExcludeCipherSuites%%
                </Array>
              </Set>
            </New>
          </Arg>
        </Call>
        HTTPSEND -->
    
        <!-- =============================================================== -->
        <!-- Admin services connector; requires SSL -->
        <!-- =============================================================== -->
        <Call name="addConnector">
          <Arg>
            <New id="admin" class="org.mortbay.jetty.security.SslSelectChannelConnector">
              <Set name="Port">7071</Set>
              <Set name="Host">78.47.207.81</Set>
              <Set name="maxIdleTime">30000</Set>
              <Set name="lowResourceMaxIdleTime">1000</Set>
              <Set name="Acceptors">2</Set>
              <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
              <Set name="password">@@mailboxd_keystore_password@@</Set>
              <Set name="ExcludeCipherSuites">
                <Array type="java.lang.String">
                  %%zimbraSSLExcludeCipherSuites%%
                </Array>
              </Set>
            </New>
          </Arg>
        </Call>


    my zimbra.web.xml.in:

    Code:
    <context-param>
      <param-name>zimbra.soap.url</param-name>
      <param-value>https:78.47.207.81/service/soap</param-value>
    </context-param>

    my zimbraAdmin.web.xml.in:

    Code:
    <context-param>
      <param-name>zimbra.soap.url</param-name>
      <param-value>http://78.47.207.81/service/soap</param-value>
    </context-param>

    zmprov gives me a:

    Code:
    ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)

    but zmprov -l works fine.

    a zmprov -l gs marvin.dieball.net tells me:

    Code:
    [zimbra@marvin etc]$ zmprov -l gs marvin.dieball.net
    # name marvin.dieball.net
    cn: marvin.dieball.net
    objectClass: zimbraServer
    zimbraAdminPort: 7071
    zimbraAdminURL: /zimbraAdmin
    zimbraAttachmentsIndexedTextLimit: 1048576
    zimbraBackupAutoGroupedInterval: 1d
    zimbraBackupAutoGroupedNumGroups: 7
    zimbraBackupAutoGroupedThrottled: FALSE
    zimbraBackupMode: Standard
    zimbraBackupReportEmailSubjectPrefix: ZCS Backup Report
    zimbraBackupTarget: /opt/zimbra/backup
    zimbraCalendarRecurrenceDailyMaxDays: 730
    zimbraCalendarRecurrenceMaxInstances: 0
    zimbraCalendarRecurrenceMonthlyMaxMonths: 360
    zimbraCalendarRecurrenceOtherFrequencyMaxYears: 1
    zimbraCalendarRecurrenceWeeklyMaxWeeks: 520
    zimbraCalendarRecurrenceYearlyMaxYears: 100
    zimbraClusterType: none
    zimbraFileUploadMaxSize: 10485760
    zimbraHsmAge: 30d
    zimbraHttpNumThreads: 250
    zimbraHttpSSLNumThreads: 50
    zimbraId: 07423a1b-690d-49da-b49e-47d022940a00
    zimbraImapBindAddress: 78.47.207.81
    zimbraImapBindOnStartup: TRUE
    zimbraImapBindPort: 7143
    zimbraImapCleartextLoginEnabled: TRUE
    zimbraImapNumThreads: 200
    zimbraImapProxyBindPort: 143
    zimbraImapSSLBindAddress: 78.47.207.81
    zimbraImapSSLBindOnStartup: TRUE
    zimbraImapSSLBindPort: 7993
    zimbraImapSSLProxyBindPort: 993
    zimbraImapSSLServerEnabled: TRUE
    zimbraImapSaslGssapiEnabled: FALSE
    zimbraImapServerEnabled: TRUE
    zimbraLmtpBindAddress: 78.47.207.81
    zimbraLmtpBindOnStartup: FALSE
    zimbraLmtpBindPort: 7025
    zimbraLmtpNumThreads: 20
    zimbraLmtpPermanentFailureWhenOverQuota: FALSE
    zimbraLmtpServerEnabled: TRUE
    zimbraLogToSyslog: FALSE
    zimbraMailDiskStreamingThreshold: 1048576
    zimbraMailMode: http
    zimbraMailPort: 8080
    zimbraMailProxyPort: 80
    zimbraMailPurgeSleepInterval: 1m
    zimbraMailReferMode: reverse-proxied
    zimbraMailSSLPort: 8443
    zimbraMailSSLProxyPort: 443
    zimbraMailURL: /zimbra
    zimbraMemcachedBindPort: 11211
    zimbraMessageCacheSize: 1671168
    zimbraMtaAntiSpamLockMethod: flock
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: marvin.dieball.net
    zimbraMtaAuthTarget: TRUE
    zimbraMtaAuthURL: https://marvin.dieball.net/service/soap/
    zimbraMtaDnsLookupsEnabled: TRUE
    zimbraMtaMyDestination: localhost
    zimbraMtaMyNetworks: 127.0.0.0/8 213.239.215.67/32 78.47.207.80/28
    zimbraMtaTlsAuthOnly: TRUE
    zimbraNotebookFolderCacheSize: 1024
    zimbraNotebookMaxCachedTemplatesPerFolder: 256
    zimbraNotebookPageCacheSize: 10240
    zimbraNotifyBindPort: 7035
    zimbraNotifySSLBindPort: 7036
    zimbraNotifySSLServerEnabled: TRUE
    zimbraNotifyServerEnabled: TRUE
    zimbraPop3BindAddress: 78.47.207.81
    zimbraPop3BindOnStartup: TRUE
    zimbraPop3BindPort: 7110
    zimbraPop3CleartextLoginEnabled: TRUE
    zimbraPop3NumThreads: 100
    zimbraPop3ProxyBindPort: 110
    zimbraPop3SSLBindAddress: 78.47.207.81
    zimbraPop3SSLBindOnStartup: TRUE
    zimbraPop3SSLBindPort: 7900
    zimbraPop3SSLProxyBindPort: 900
    zimbraPop3SSLServerEnabled: TRUE
    zimbraPop3SaslGssapiEnabled: FALSE
    zimbraPop3ServerEnabled: TRUE
    zimbraRedoLogArchiveDir: redolog/archive
    zimbraRedoLogDeleteOnRollover: TRUE
    zimbraRedoLogEnabled: TRUE
    zimbraRedoLogFsyncIntervalMS: 10
    zimbraRedoLogLogPath: redolog/redo.log
    zimbraRedoLogRolloverFileSizeKB: 102400
    zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
    zimbraRemoteManagementPort: 22
    zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
    zimbraRemoteManagementUser: zimbra
    zimbraReverseProxyHttpEnabled: TRUE
    zimbraReverseProxyImapSaslGssapiEnabled: FALSE
    zimbraReverseProxyImapStartTlsMode: only
    zimbraReverseProxyLookupTarget: TRUE
    zimbraReverseProxyMailEnabled: TRUE
    zimbraReverseProxyMailMode: both
    zimbraReverseProxyPop3SaslGssapiEnabled: FALSE
    zimbraReverseProxyPop3StartTlsMode: only
    zimbraSSLCertificate: 
    KEYKEYKEY
    -----END CERTIFICATE-----
    zimbraSSLPrivateKey: -----BEGIN RSA PRIVATE KEY-----
    KEYKEYKEY
    -----END RSA PRIVATE KEY-----
    zimbraScheduledTaskNumThreads: 20
    zimbraServiceEnabled: antivirus
    zimbraServiceEnabled: antispam
    zimbraServiceEnabled: logger
    zimbraServiceEnabled: mailbox
    zimbraServiceEnabled: mta
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: snmp
    zimbraServiceEnabled: ldap
    zimbraServiceEnabled: spell
    zimbraServiceEnabled: imapproxy
    zimbraServiceHostname: marvin.dieball.net
    zimbraServiceInstalled: antivirus
    zimbraServiceInstalled: antispam
    zimbraServiceInstalled: logger
    zimbraServiceInstalled: mailbox
    zimbraServiceInstalled: mta
    zimbraServiceInstalled: stats
    zimbraServiceInstalled: imapproxy
    zimbraServiceInstalled: snmp
    zimbraServiceInstalled: ldap
    zimbraServiceInstalled: spell
    zimbraSmtpHostname: marvin.dieball.net
    zimbraSmtpPort: 25
    zimbraSmtpSendPartial: FALSE
    zimbraSmtpTimeout: 60
    zimbraSoapRequestMaxSize: 15360000
    zimbraSpellCheckURL: http://marvin.dieball.net:7780/aspell.php
    zimbraSshPublicKey: ssh-dss AKEYKEYKEY== marvin.dieball.net
    zimbraTableMaintenanceGrowthFactor: 10
    zimbraTableMaintenanceMaxRows: 1000000
    zimbraTableMaintenanceMinRows: 10000
    zimbraTableMaintenanceOperation: ANALYZE
    zimbraVirusDefinitionsUpdateFrequency: 2h
    zimbraXMPPEnabled: TRUE

    IMAP(S) connections are not possible any more. Logging in via webmail to the mailbox gives me a zclient.IO error.
    Using the admin backend web interface works.


    Any help would be highly appreciated

    Thanks

    Andre

  5. #5
    f0rd42 is offline Active Member
    Join Date
    Aug 2008
    Posts
    32
    Rep Power
    6

    Default

    While trying to reverse all the changes I made in order to give it a fresh start, I've seen that my zimbra.web.xml.in was missing the // in the address.

    Possible that this was the sole problem?

    f0rd42
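
Added example, not part of the thread and not Zimbra tooling: a small lint for the `zimbra.soap.url` values posted in #4, which reports a value with no host (the missing `//` noticed in #5) and checks whether a listener bound to one address would accept a client that addresses `localhost`, as zmprov does in the quoted error. The function names and the literal host comparison (no DNS lookup) are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

BIND = "78.47.207.81"  # <Set name="Host"> value in the posted jetty.xml.in
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "0.0.0.0", "::"}

# Constructed input: the two <context-param> snippets as posted in #4.
PARAM = ("<context-param><param-name>zimbra.soap.url</param-name>"
         "<param-value>%s</param-value></context-param>")
SNIPPETS = {
    "zimbra.web.xml.in": PARAM % "https:78.47.207.81/service/soap",
    "zimbraAdmin.web.xml.in": PARAM % "http://78.47.207.81/service/soap",
}

def accepts(bind_host, target_host):
    """Would a listener bound to bind_host accept a client addressing target_host?
    Literal comparison only; no DNS lookup is done (simplifying assumption)."""
    if bind_host in WILDCARD:        # wildcard bind listens on every local address
        return True
    if target_host in LOOPBACK:      # loopback only reaches loopback-bound listeners
        return bind_host in LOOPBACK
    return bind_host == target_host

def check_soap_url(value, bind_host=BIND):
    """Return a list of findings for one zimbra.soap.url value."""
    parts = urlsplit(value.strip())
    findings = []
    if parts.scheme not in ("http", "https"):
        findings.append("unexpected scheme %r" % parts.scheme)
    if not parts.hostname:
        # "https:host/path" parses as scheme + path: there is no authority part
        findings.append("no host: '//' missing after the scheme")
    elif not accepts(bind_host, parts.hostname):
        findings.append("host %s is not served by bind address %s"
                        % (parts.hostname, bind_host))
    return findings

def lint(snippets, bind_host=BIND):
    """Map each file name to the findings for its zimbra.soap.url parameter."""
    report = {}
    for name, xml_text in snippets.items():
        root = ET.fromstring(xml_text)
        if root.findtext("param-name") == "zimbra.soap.url":
            report[name] = check_soap_url(root.findtext("param-value") or "", bind_host)
    return report

if __name__ == "__main__":
    for name, findings in lint(SNIPPETS).items():
        print(name, "->", findings or "ok")
    print("localhost client accepted:", accepts(BIND, "localhost"))
```
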
