Access Zimbra on port 443 via apache

[CatiaL]

Hi,

I have already posted part of this in another thread. Here I post my status at the moment.

I have a server running Apache (http port 80, https port 443) and zimbra (zimbraMailPort 7070, zimbraMailSSLPort 7443).

In short:

1) I manage to access zimbra via http at port 7070
2) I manage to access zimbra via http at port 80 using mod_jk Zimbra with Apache using mod jk - ZimbraWiki
3) I manage to access zimbra via https at port 7443 using zmtlsctl https
4) I DO NOT MANAGE to access zimbra via https at port 443

%%%%% HTTP ACCESS OVER PORT 80 %%%%%%%%%

• installed mod_jk

• created a file /etc/httpd/conf/workers.properties with following text:
  
  
  Code:

  worker.zimbraworker.type=ajp13
  worker.zimbraworker.host=localhost
  worker.zimbraworker.port=8012
  worker.zimbraworker.lbfactor=1
  workers.tomcat_home=/opt/zimbra/tomcat
  workers.java_home=/opt/zimbra/java

• added into /etc/httpd/conf/httpd.conf the following text
  
  
  Code:

  # Load mod_jk module
  # Update this path to match your modules location
  LoadModule jk_module modules/mod_jk.so
  # Declare the module for <IfModule directive> (remove this line on Apache 2.x)
  # AddModule mod_jk.c
  
  # Where to find workers.properties
  # Update this path to match your conf directory location (put workers.properties next to httpd.conf)
  JkWorkersFile /etc/httpd/conf/workers.properties
  
  # Where to put jk logs
  # Update this path to match your logs directory location (put mod_jk.log next to access_log)
  JkLogFile /etc/httpd/logs/mod_jk.log
  # Set the jk log level [debug/error/info]
  JkLogLevel info
  # Select the log format
  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
  
  # JkOptions indicate to send SSL KEY SIZE,
  JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
  
  # JkRequestLogFormat set the request format
  JkRequestLogFormat "%w %V %T"
  
  
  <VirtualHost *>
  ServerAdmin netmaster@domain.example
  ServerName server.domain.example
  <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteLog logs/server_rewrite.log
  RewriteLogLevel 0
  RewriteRule ^/$ http://server.domain.example/zimbra
  </IfModule>
  JkMount /zimbra zimbraworker
  JkMount /zimbra/ zimbraworker
  JkMount /zimbra/* zimbraworker
  JkMount /service zimbraworker
  JkMount /service/ zimbraworker
  JkMount /service/* zimbraworker
  JkMount /zimbraAdmin zimbraworker
  JkMount /zimbraAdmin/ zimbraworker
  JkMount /zimbraAdmin/* zimbraworker
  JkMount //zimbra zimbraworker
  ErrorLog logs/server.domain.example-error_log
  CustomLog logs/server.domain.example-access_log common
  </VirtualHost>

[list]
in /opt/zimbra/tomcat/conf/server.xml there is the text

Code:

 <Service name="Catalina">
        <!-- user services connector, no SSL -->
        <!-- HTTPBEGIN -->
        <Connector port="7070"
                   acceptCount="1024" URIEncoding="UTF-8"
                   enableLookups="false" redirectPort="7443"
                   compression="on"
                   compressionMinSize="1024"
                   compressableMimeType="text/html,text/plain,text/css"
                   noCompressionUserAgents=".*MSIE 6.*"
                   maxThreads="100" minSpareThreads="100" maxSpareThreads="100"/>

• added in /opt/zimbra/tomcat/conf/server.xml and /opt/zimbra/tomcat/conf/server.xml.in the following text:
  
  Code:

  <Connector port="8012" acceptCount="1024" enableLookups="false" redirectPort="7443" protocol="AJP/1.3" />

  just before
  
  Code:

  <Engine name="Catalina" defaultHost="localhost">

• added into
  /opt/zimbra/apache-tomcat-5.5.15/webapps/service/WEB-INF/web.xml and /opt/zimbra/apache-tomcat-5.5.15/conf/service.web.xml.in
  the ports 443 and 80 in all allowed.ports instances

• restart tomcat
  
  Code:

  tomcat  restart

with this as I have saied I can access zimbra at
http://webmail.domain.example


%%%%% HTTPS ACCESS OVER PORT 443 %%%%%%%%%

• switch to https
  
  
  Code:

  zmtlsctl https
  tomcat restart

  at this point I manage to access https://webmail.domain.example:7443

• comment into /etc/httpd/conf/httpd.conf the VirtualHost regarding Zimbra (kept the rest).

• added into /etc/httpd/conf.d/ssl.conf the following VirtualHost
  
  
  Code:

  <VirtualHost webmail.domain.example>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateKeyFile /opt/zimbra/ssl/ssl/server/server.key
    SSLCertificateFile /opt/zimbra/ssl/ssl/server/server.crt
  <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteLog logs/server_rewrite.log
  RewriteLogLevel 0
  RewriteRule ^/$ https://server.domain.example/zimbra
  </IfModule>
  JkMount /zimbra zimbraworker
  JkMount /zimbra/ zimbraworker
  JkMount /zimbra/* zimbraworker
  JkMount /service zimbraworker
  JkMount /service/ zimbraworker
  JkMount /service/* zimbraworker
  JkMount /zimbraAdmin zimbraworker
  JkMount /zimbraAdmin/ zimbraworker
  JkMount /zimbraAdmin/* zimbraworker
  JkMount //zimbra zimbraworker

• restart httpd
  
  Code:

  service httpd restart

At this point I would wxpect to access zimbra under

https://webmail.domain.example

but it does not work!!!!

As I have saied I have no idea, please help!

[CatiaL]

I have found the problem:

since before we were not using any https in the httpd.conf the VirtualHosts were set as NameVirtualHost *; <VirtualHost *> in the httpd.conf.
This was "overwriting" everything that I was setting in the ssl.conf file!

To have everything consistent and use VirtualHosts in both port 80 and port 443:

• in httpd.conf I have set
  
  Code:

  NameVirtualHost *:80

  and define the Virtual Hosts as
  
  
  Code:

  <VirtualHost *:80>
  ...................
  ..................
  </VirtualHost>

• in ssl.conf I have set
  NameVirtualHost *:443
  
  and define the Virtual Hosts as
  
  
  Code:

  <VirtualHost *:443>
  ...................
  ..................
  </VirtualHost>