reverse proxying ZCS 7.x (jetty) with apache
I'm trying to front-end ZCS 7.x with apache, so that I can take advantage of apache's controls.
To that end, i changed ZCS to use tcp port 8081, and just plain http. Then, I put apache on the same box, listening on 80 and 443, and reverse proxying (via . the proxy_http module) to http : // localhost : 8081 .
That works fine except when ZCS displays an absolute self-referring URL to the end-user. E.g. when sharing the 'briefcase' with an external user, the url sent to the user contains port 8081 (which I'm trying to hide w. apache, which I don't allow inbound to the ZCS host, and which would evade apache if I did allow it).
I tried to use apache's proxy_html modlue (in addition to proxy_http) to 'rewrite' those self-referring URLs that ZCS occasionally generates. However, I can't get it to work. Initially, I couldn't figure out how to make it do anything. To help solve, I tried to make it work with a remote apache server instead of zimbra's jetty. I got that to work, and so tried the same config with Jetty. It causes jetty to hang, and the web client to give this error:
msg: Service failure
detail: contact your administrator (Invalid SOAP PDU)
I don't find anything related in the zimbra log files.
If I remove the apache directive 'SetOutputFilter proxy-html', then ZCS works again as normal, but mod_proxy_html has no effect.
Any ideas how to handle this problem?
Apache in front of Zimbra using mod_proxy
We have an outside firewall setup with Apache. It is reverse-proxying for Zimbra in a virtual host configuration.
We are using port 80, so you would need to adjust this to fit your needs.
The virtual host file (06_any_80_zimbra.fake.net.conf):
Public DNS is setup to point zimbra.fake.net to the outside IP address of the firewall. Internal DNS resolves zimbra.fake.net to the actual inside IP address of the zimbra server.
Allow from all
ProxyPass / http://zimbra.fake.net:80/
ProxyPassReverse / http://zimbra.fake.net:80/