LinkBack URL
About LinkBacks
Project Contributor
zdesktop and reverse proxy
I have installed zdesktop and it works ok when im in my office.
We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.
Are any constrains about this setup, because zdesktop do not work when im outside.
Patricio Bruna
http://www.it-linux.cl/pbruna
Zimbra Employee
If you have a reverse proxy then it should work. Have you tried it? Are you having problems?
Advanced Member
Are you proxying http or https? I've noticed some incidents with https that make life a little more complicated but it still should be possible. Can you give any more details as to what and how you are proxing but not use real IP's?Originally Posted by pbruna
Here's a couple of example parameters I've needed to proxy for standard 80 and 443:
For 80 (in apache) I'll use Vhosts as an example:
HTTPS is a bit different:Code:<VirtualHost external.ip.address> ServerName external.resolved.hostname ServerAdmin someone@domain.com NoCache * ProxyVia on ProxyPass / http://<internal IP address being proxied to>/ ProxyPassReverse / http://<internal IP address being proxied to>/ </VirtualHost>
Ok I know this doesn't solve a problem but I can confirm that both of these configurations work for reverse proxy using apache externally proxying in to another machine/service using both SSL and standard HTTP. If you can confirm a similar setup it should be safe to assume the proxying is working and there might be another issue.Code:<VirtualHost external.resolvable.ip:443> ServerName external.resolvable.address ProxyPreserveHost On ProxyTimeout 100 RedirectMatch ^/$ https://<proxied.to.resolvable.name>/ ProxyPass / https://<proxied.to.resolvable.name>/ ProxyPassReverse / https://<proxied.to.resolvable.name>/ SSLProxyEngine On SSLCertificateFile /path/to/certificate.crt SSLCertificateKeyFile /path/to/key.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL </VirtualHost>
Can you access your webclient outside of work through the reverse proxy? (not using the Zimbra Desktop application)
Regards,
Lonny
Active Member
I am having the exact same problem. I have the real zimbra http on the same IP as apache but on port 7070. Web client access works perfectly, activesync also works ok, but zdesktop spits out java exceptions on mailbox.log.
Here is one:
2007-09-05 00:34:22,097 ERROR [Timer-Offline-Main] [] offline - failed to sync account eduardo@<mydomain>
com.zimbra.common.service.ServiceException: resource unreachable: Internal Server Error
at com.zimbra.common.service.ServiceException.RESOURC E_UNREACHABLE(ServiceException.java:197)
at com.zimbra.cs.service.UserServlet.getRemoteResourc eInternal(UserServlet.java:1076)
at com.zimbra.cs.service.UserServlet.getRemoteResourc e(UserServlet.java:1052)
at com.zimbra.cs.mailbox.InitialSync.syncMessage(Init ialSync.java:817)
at com.zimbra.cs.mailbox.InitialSync.syncMessagelikeI tems(InitialSync.java:317)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:233)
at com.zimbra.cs.mailbox.InitialSync.prioritySync(Ini tialSync.java:283)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:261)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:272)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSy nc.java:175)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSy nc.java:163)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTa sk.sync(OfflineMailboxManager.java:128)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTa sk.run(OfflineMailboxManager.java:98)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
Apache logs at the same time shows this request:
24.232.34.202 - - [05/Sep/2007:00:39:28 -0400] "GET /home/~/?fmt=sync&nohdr=1&id=47903 HTTP/1.1" 500 1682
Thanks.
Zimbra Employee
If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.
You can try this. After using webclient to login, in the browser window try this URL:
http://<proxy-host-port>/home/~/?fmt=sync&nohdr=1&id=47903
It will probably choke the same way.
Active Member
you were right... zimbra chokes and an error 500 appears on the browser window:
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFil ter(SetHeaderFilter.java:286)
But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.
Somehow it does not look like an apache misconfiguration...
Active Member
ah... when that error 500 appears, this gets logged in /opt/zimbra/log/mailbox.log:
2007-09-05 01:03:39,433 ERROR [http-7070-Processor99] [name=ekaftan@<mydomain>;mid=2;ip=24.232.34.202;] [UserServlet] - Servlet.service() for servlet UserServlet threw exception
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
at java.lang.String.substring(String.java:1765)
at com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
at com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
Zimbra Employee
Most likely this is caused by mod_proxy rewriting the URL then. It's common for proxy code to rewrite URL for various purposes. There is usually a way to turn off URL rewriting in proxy, but I'm not familiar with apache enough to tell you exactly what to do. Hope you can find the document on that and turn that off.
There's probably something wrong with UserServlet (part of zimbra code) as well where the code was not written defensively. That's why it doesn't like the rewritten URL. If you figure out what the rewritten URL is, let us know and that will help us see what's wrong with UserServlet. Thanks!
New Member
Has there been any updates on this problem?
I have the exact same scenario - zimbra mail server (which works brilliantly) running on Ubuntu LTS 6.06.
The web mail client works well through the apache reverse proxy, but the zimbra desktop client has trouble synchronizing with the above mentioned java error messages.
Has there been any updates to the UserServlet?
I dont have the mod_proxy rewrites turned on as far as i can see, just the proxypass and proxyreversepass in apache.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
