reverse proxying ZCS 7.x (jetty) with apache

[jdetert]

I'm trying to front-end ZCS 7.x with apache, so that I can take advantage of apache's controls.

To that end, i changed ZCS to use tcp port 8081, and just plain http. Then, I put apache on the same box, listening on 80 and 443, and reverse proxying (via . the proxy_http module) to http : // localhost : 8081 .

That works fine except when ZCS displays an absolute self-referring URL to the end-user. E.g. when sharing the 'briefcase' with an external user, the url sent to the user contains port 8081 (which I'm trying to hide w. apache, which I don't allow inbound to the ZCS host, and which would evade apache if I did allow it).

I tried to use apache's proxy_html modlue (in addition to proxy_http) to 'rewrite' those self-referring URLs that ZCS occasionally generates. However, I can't get it to work. Initially, I couldn't figure out how to make it do anything. To help solve, I tried to make it work with a remote apache server instead of zimbra's jetty. I got that to work, and so tried the same config with Jetty. It causes jetty to hang, and the web client to give this error:

Service failure
method: AjxSoapDoc.createFromXml:2
msg: Service failure
code: service.FAILURE
detail: contact your administrator (Invalid SOAP PDU)

I don't find anything related in the zimbra log files.

If I remove the apache directive 'SetOutputFilter proxy-html', then ZCS works again as normal, but mod_proxy_html has no effect.

Any ideas how to handle this problem?

Thanks

[rcilink]

We have an outside firewall setup with Apache. It is reverse-proxying for Zimbra in a virtual host configuration.

We are using port 80, so you would need to adjust this to fit your needs.

The virtual host file (06_any_80_zimbra.fake.net.conf):

Code:

<VirtualHost *:80>
Servername zimbra.fake.net:80
ProxyRequests off
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
ProxyPass / http://zimbra.fake.net:80/
ProxyPassReverse / http://zimbra.fake.net:80/
</VirtualHost>

Public DNS is setup to point zimbra.fake.net to the outside IP address of the firewall. Internal DNS resolves zimbra.fake.net to the actual inside IP address of the zimbra server.

[jdetert]

I have the same basic mod_proxy_http config, which works, but the problem is that sometimes zimbra creates self-referring URLs, and those don't work, because they refer to jetty, not apache. E.g. in the WebClient, if you right click a calendar, and then select 'edit shares', the url zimbra shows for the calendar is for the backend, not for apache. This is the problem I was trying to fix with mod proxy_html.

However, I think I've fixed the problem by setting the following 3 zimbra attributes (which were previously unset and so non-existent):
zimbraPublicServiceProtocol
zimbraPublicServiceHostname
zimbraPublicServicePort

I set them to the appropriate values for apache, and that fixed the problem.

Regards,

Jon