Results 1 to 8 of 8

Thread: Zimbra proxy on 8.0.1 doesn't seem to work on the stores

  1. #1
    flavio.moringa is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default Zimbra proxy on 8.0.1 doesn't seem to work on the stores

    I guys,

    I've made a multi-server install of Zimbra 8.0.1 Open Source Edition with the folowing components:

    1- Main CS:
    zimbra-ldap
    zimbra-mta
    zimbra-snmp
    zimbra-proxy
    zimbra-memcached

    All defaults, except on zimbra-proxy, besides pop3 and imap I also marked "Enable HTTP[S] Proxy: TRUE"

    2. Mailstore 1:
    zimbra-logger
    zimbra-snmp
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-memcached

    All defaults, except on zimbra-store I marked "Configure for use with mail proxy -True" and "Configure for use with web proxy- True"

    3. Mailstore 2:
    zimbra-snmp
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-memcached

    All defaults, except on zimbra-store I marked "Configure for use with mail proxy -True" and "Configure for use with web proxy- True"

    After all is done, the stores still have only ports 110 and 143 opened... Shouldn't they be using 7110 and 7143? Do I have to do anything more?

    Because we'll be configuring multi-domains and want to have the mailstores on a diferent vlan only accessible from the CS machine it's imperative to use zimbra proxy.

    Could you help me please... I'm really stuck here.

    Thanks for any help

    Your's trully
    Flávio Moringa

  2. #2
    sviriyala is offline Active Member
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default

    Quick question: Do you need to install Memcached on Mail store servers as well? My understanding was that it is needed to run only on the server installed with proxy.

    Now coming to your question on ports, mail store servers will still listen on 110 & 143 since those are the std ports for POP & IMAP. Security is thro STARTTLS. If you want to use SSL then they will be on 995 & 993 respectively. Even if you deploy a Proxy, the communication will still be on std ports. Client connects to your Proxy on ports 110/143 (995/993 if using SSL) and proxy in turn connects to the mailstore server on those ports. Atleast that is my understanding and that is the way it is working for me. Does that answer your doubt?

    Here is the output of netstat -an on proxy and mailbox servers in my installation:

    [root@zmproxy-mail ~]# netstat -an | grep -i listen
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
    [root@zm-store1 ~]# netstat -an | grep -i listen
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
    Of course this is the scenario if you left all the default values during your install. During install if you changed the std ports to something else, then they will be different depending on the changes you made.

    Regards

  3. #3
    flavio.moringa is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default

    I,

    first of all thanks for replying.

    Abou the memcache server, it says on the multi-server documentaton about installing a mailbox server the following:

    • If zimbra proxy is configured, install memcached.
    This is on step 2 in this link:
    https://www.zimbra.com/docs/os/8.0.0...ox_Server.html

    So It seems that memcached should be installed on every mailbox server when you are using a proxy... Actually it seems that probably it's not necessary on the main server but only on the mailboxes, although I installed it everywhere.


    About the proxy ports... You're right, my configuration has those ports open too, but since when I searched for information about zimbra proxy ports I found this:
    https://www.zimbra.com/docs/ne/8.0.0..._and_IMAP.html

    It seems to indicate that when you say on the configuration that you want to use a proxy, the maiboxes change there default pop3, imap and http ports to those on the table, and only on the master node will the standard ports be accessible (and the master communicates through those proxied ports, that on the mailboxes are running ther services instead of the standard ports).

    What am I missing here then? Is the documentation wrong? Since it works for you it seems so...

    Thanks for helping

    Cheers
    Flávio Moringa

  4. #4
    shanxt is offline Active Member
    Join Date
    Jul 2012
    Location
    Bangalore, India
    Posts
    34
    Rep Power
    2

    Default

    Hello Flávio!

    Memcached should be installed only on the proxy server, and only one is necessary. The NE documentation explains the proxy installation a little more clearly.

    And I think the documentation is incorrect when it comes to the ports part. Because I also have a working multi-server setup with two mailboxes and a proxy, and it is working correctly without the 7xxx ports. AFAIK the client connects to the proxy on 143 and 110, and the proxy connects to the mailboxes on 143 and 110, so there's no need for the 7143 and 7110 ports.

  5. #5
    flavio.moringa is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default

    I'm having configuration issues the connection bettween the main server and mailboxes... I think due to http proxy....

    Do you have http proxy enabled? What configuratioon needed to be done for a CS with no storing and two stores... The error on the nginx log is:

    2012/11/27 11:15:38 [notice] 18648#0: *19468 memcached channel 172.25.200.5:11211 orderly shutdown when posting request, client: 192.168.20.121, server: mail.pcm.lan.default, request: "POST /service/soap/NoOpRequest HTTP/1.1", host: "mail.pcm.lan", referrer: "https://mail.pcm.lan/"

    Could it be a memcache problem?

    Thanks
    Flávio

  6. #6
    shanxt is offline Active Member
    Join Date
    Jul 2012
    Location
    Bangalore, India
    Posts
    34
    Rep Power
    2

    Default

    Ok, first since you've installed memcache on the mailbox servers, disable that. Enable it only on the proxy server. To disable on the mailbox servers, run this as the zimbra user on each server:
    Code:
    zmprov ms `zmhostname` -zimbraServiceEnabled memcached
    For comparison, here's the output of my enabled services on the mailbox and proxy:

    Mailbox:
    Code:
    [zimbra@mbox2 ~]$ zmprov gs `zmhostname` | grep ServiceEnabled                                                                                                                    
    zimbraServiceEnabled: mailbox
    zimbraServiceEnabled: convertd
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: spell
    Proxy:
    Code:
    [zimbra@proxy ~]$ zmprov gs `zmhostname` | grep ServiceEnabled                                                                                                                    
    zimbraServiceEnabled: memcached
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: proxy
    Then I think you haven't run the zmproxyconfig script, so run the following on all servers, ie, mailbox AND proxy servers, again as zimbra user.
    Code:
    /opt/zimbra/libexec/zmproxyconfig -e -m -H `zmhostname`
    After running it on all the servers, restart zimbra on all the servers:
    Code:
    zmcontrol restart
    Then access from the proxy, and hopefully it should work. If it doesn't, please post the zimbra.log, nginx logs and mailbox.log files

  7. #7
    flavio.moringa is offline Junior Member
    Join Date
    Nov 2012
    Posts
    9
    Rep Power
    2

    Default

    Still nothing:

    nginx log:
    2012/11/27 17:31:43 [info] 29909#0: *46 client prematurely closed connection while reading client request line, client: 192.168.20.121, server: mail.pcm.lan.default
    2012/11/27 17:32:44 [error] 29909#0: *25 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.20.121, server: mail.pcm.lan.default, request: "POST /service/soap/SendMsgRequest HTTP/1.1", upstream: "https://172.25.200.6:443/service/soap/SendMsgRequest", host: "mail.pcm.lan", referrer: "https://mail.pcm.lan/"
    2012/11/27 17:32:44 [error] 29909#0: *25 no live upstreams while connecting to upstream, client: 192.168.20.121, server: mail.pcm.lan.default, request: "POST /service/soap/SendMsgRequest HTTP/1.1", upstream: "https://172.25.200.6:443/service/soap/SendMsgRequest", host: "mail.pcm.lan", referrer: "https://mail.pcm.lan/"
    2012/11/27 17:33:43 [error] 29909#0: *25 no live upstreams while connecting to upstream, client: 192.168.20.121, server: mail.pcm.lan.default, request: "POST /service/soap/EndSessionRequest HTTP/1.1", host: "mail.pcm.lan", referrer: "https://mail.pcm.lan/"


    mailbox access.log:
    192.168.20.121 - - [27/Nov/2012:17:31:52 +0000] "POST /service/soap/BatchRequest HTTP/1.0" 200 289 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 4
    10.50.25.5 - - [27/Nov/2012:17:31:53 +0000] "GET /service/extension/nginx-lookup HTTP/1.0" 200 0 "-" "-" 5
    192.168.20.121 - - [27/Nov/2012:17:31:53 +0000] "GET /home/teste@pcm.lan/Contacts?fmt=cf&t=2&all=all HTTP/1.0" 200 0 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 51
    192.168.20.121 - - [27/Nov/2012:17:31:54 +0000] "GET /service/zimlet/res/Zimlets-nodev_all.css?language=en&country=US&cosId=e00428a 1-0c00-11d9-836a-000d93afea2a HTTP/1.0" 200 4540 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 93
    192.168.20.121 - - [27/Nov/2012:17:31:54 +0000] "GET /service/zimlet/res/Zimlets-nodev_all.js.zgz?language=en&country=US&cosId=e004 28a1-0c00-11d9-836a-000d93afea2a HTTP/1.0" 200 51100 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 827
    192.168.20.121 - - [27/Nov/2012:17:31:55 +0000] "POST /service/soap/SearchRequest HTTP/1.0" 200 693 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 231
    192.168.20.121 - - [27/Nov/2012:17:31:58 +0000] "POST /service/soap/GetMiniCalRequest HTTP/1.0" 200 188 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 26
    192.168.20.121 - - [27/Nov/2012:17:31:58 +0000] "POST /service/soap/GetMsgRequest HTTP/1.0" 200 618 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 5
    192.168.20.121 - - [27/Nov/2012:17:32:03 +0000] "POST /service/soap/SearchRequest HTTP/1.0" 200 746 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 7
    192.168.20.121 - - [27/Nov/2012:17:32:03 +0000] "POST /service/soap/SearchRequest HTTP/1.0" 200 224 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 9


    I think the problem might be firewall related.... I'm connecting from the 192.168.20.121 IP, that conects with the zimbra proxy at IP 10.50.25.5. The mailstores are at IP 172.25.200.6 and 172.25.200.5, and can only communicate with the zimbra proxy. But what exactly is missing I don't know... maybe snat to the outside?

  8. #8
    sviriyala is offline Active Member
    Join Date
    Feb 2011
    Posts
    42
    Rep Power
    4

    Default

    Hi,

    192.168.20.121 - - [27/Nov/2012:17:31:52 +0000] "POST /service/soap/BatchRequest HTTP/1.0" 200 289 "https://mail.pcm.lan/" "Mozilla/5.0 (X11; CaixaMagica; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0" 4
    10.50.25.5 - - [27/Nov/2012:17:31:53 +0000] "GET /service/extension/nginx-lookup HTTP/1.0" 200 0 "-" "-" 5
    Looks like you too have the same issue I faced. Pls take a look at this thread I created:

    ZCS 8 FOSS - Web proxy Issues

    This is a known issue. Here is the VMWare Knowledge Base Article (also given in the above thread). This resolved my issue.

    VMware KB: Web log in through reverse proxy redirects to mailstore

    Hope this helps.

    Regards

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. IM/XMPP work through the proxy?
    By arw in forum Installation
    Replies: 4
    Last Post: 02-18-2011, 08:46 AM
  2. Replies: 3
    Last Post: 07-01-2009, 04:33 AM
  3. Replies: 4
    Last Post: 05-08-2008, 09:12 AM
  4. Replies: 1
    Last Post: 01-02-2008, 09:31 PM
  5. Where Zimbra stores userProperties?
    By mps in forum Zimlets
    Replies: 4
    Last Post: 04-24-2007, 01:29 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •