Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
Go Back   Zimbra - Forums > Zimbra Desktop > General Questions

Welcome to the Zimbra - Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-19-2007, 08:22 AM
Project Contributor
 
Posts: 80
Default zdesktop and reverse proxy

I have installed zdesktop and it works ok when im in my office.
We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.

Are any constrains about this setup, because zdesktop do not work when im outside.
__________________
Patricio Bruna
http://www.it-linux.cl/pbruna
Reply With Quote
  #2 (permalink)  
Old 04-19-2007, 12:24 PM
Zimbra Employee
 
Posts: 1,669
Default

If you have a reverse proxy then it should work. Have you tried it? Are you having problems?
Reply With Quote
  #3 (permalink)  
Old 04-19-2007, 08:04 PM
Advanced Member
 
Posts: 215
Default

Quote:
Originally Posted by pbruna View Post
I have installed zdesktop and it works ok when im in my office.
We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.

Are any constrains about this setup, because zdesktop do not work when im outside.
Are you proxying http or https? I've noticed some incidents with https that make life a little more complicated but it still should be possible. Can you give any more details as to what and how you are proxing but not use real IP's?

Here's a couple of example parameters I've needed to proxy for standard 80 and 443:

For 80 (in apache) I'll use Vhosts as an example:

Code:
<VirtualHost external.ip.address>
ServerName external.resolved.hostname
ServerAdmin someone@domain.com
NoCache *
ProxyVia on
ProxyPass         / http://<internal IP address being proxied to>/
ProxyPassReverse  / http://<internal IP address being proxied to>/
</VirtualHost>
HTTPS is a bit different:
Code:
<VirtualHost external.resolvable.ip:443>
ServerName external.resolvable.address
ProxyPreserveHost      On
ProxyTimeout    100
RedirectMatch ^/$ https://<proxied.to.resolvable.name>/
ProxyPass              /    https://<proxied.to.resolvable.name>/
ProxyPassReverse       /    https://<proxied.to.resolvable.name>/
SSLProxyEngine  On
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/key.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
Ok I know this doesn't solve a problem but I can confirm that both of these configurations work for reverse proxy using apache externally proxying in to another machine/service using both SSL and standard HTTP. If you can confirm a similar setup it should be safe to assume the proxying is working and there might be another issue.

Can you access your webclient outside of work through the reverse proxy? (not using the Zimbra Desktop application)

Regards,
Lonny
Reply With Quote
  #4 (permalink)  
Old 09-04-2007, 10:40 PM
Active Member
 
Posts: 28
Default

Quote:
Originally Posted by jjzhuang View Post
If you have a reverse proxy then it should work. Have you tried it? Are you having problems?
I am having the exact same problem. I have the real zimbra http on the same IP as apache but on port 7070. Web client access works perfectly, activesync also works ok, but zdesktop spits out java exceptions on mailbox.log.

Here is one:

2007-09-05 00:34:22,097 ERROR [Timer-Offline-Main] [] offline - failed to sync account eduardo@<mydomain>
com.zimbra.common.service.ServiceException: resource unreachable: Internal Server Error
at com.zimbra.common.service.ServiceException.RESOURC E_UNREACHABLE(ServiceException.java:197)
at com.zimbra.cs.service.UserServlet.getRemoteResourc eInternal(UserServlet.java:1076)
at com.zimbra.cs.service.UserServlet.getRemoteResourc e(UserServlet.java:1052)
at com.zimbra.cs.mailbox.InitialSync.syncMessage(Init ialSync.java:817)
at com.zimbra.cs.mailbox.InitialSync.syncMessagelikeI tems(InitialSync.java:317)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:233)
at com.zimbra.cs.mailbox.InitialSync.prioritySync(Ini tialSync.java:283)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:261)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:272)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSy nc.java:175)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSy nc.java:163)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTa sk.sync(OfflineMailboxManager.java:128)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTa sk.run(OfflineMailboxManager.java:98)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)

Apache logs at the same time shows this request:

24.232.34.202 - - [05/Sep/2007:00:39:28 -0400] "GET /home/~/?fmt=sync&nohdr=1&id=47903 HTTP/1.1" 500 1682


Thanks.
Reply With Quote
  #5 (permalink)  
Old 09-04-2007, 10:51 PM
Zimbra Employee
 
Posts: 1,669
Default

If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.

You can try this. After using webclient to login, in the browser window try this URL:

http://<proxy-host-port>/home/~/?fmt=sync&nohdr=1&id=47903

It will probably choke the same way.
Reply With Quote
  #6 (permalink)  
Old 09-04-2007, 11:07 PM
Active Member
 
Posts: 28
Default

Quote:
Originally Posted by jjzhuang View Post
If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.

You can try this. After using webclient to login, in the browser window try this URL:

http://<proxy-host-port>/home/~/?fmt=sync&nohdr=1&id=47903

It will probably choke the same way.
you were right... zimbra chokes and an error 500 appears on the browser window:

java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFil ter(SetHeaderFilter.java:286)

But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.

Somehow it does not look like an apache misconfiguration...
Reply With Quote
  #7 (permalink)  
Old 09-04-2007, 11:09 PM
Active Member
 
Posts: 28
Default

Quote:
Originally Posted by ekaftan View Post
you were right... zimbra chokes and an error 500 appears on the browser window:

java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFil ter(SetHeaderFilter.java:286)

But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.

Somehow it does not look like an apache misconfiguration...
ah... when that error 500 appears, this gets logged in /opt/zimbra/log/mailbox.log:

2007-09-05 01:03:39,433 ERROR [http-7070-Processor99] [name=ekaftan@<mydomain>;mid=2;ip=24.232.34.202;] [UserServlet] - Servlet.service() for servlet UserServlet threw exception
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
at java.lang.String.substring(String.java:1765)
at com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
at com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
Reply With Quote
  #8 (permalink)  
Old 09-04-2007, 11:33 PM
Zimbra Employee
 
Posts: 1,669
Default

Most likely this is caused by mod_proxy rewriting the URL then. It's common for proxy code to rewrite URL for various purposes. There is usually a way to turn off URL rewriting in proxy, but I'm not familiar with apache enough to tell you exactly what to do. Hope you can find the document on that and turn that off.

There's probably something wrong with UserServlet (part of zimbra code) as well where the code was not written defensively. That's why it doesn't like the rewritten URL. If you figure out what the rewritten URL is, let us know and that will help us see what's wrong with UserServlet. Thanks!
Reply With Quote
  #9 (permalink)  
Old 09-17-2007, 09:00 PM
New Member
 
Posts: 3
Default

Has there been any updates on this problem?

I have the exact same scenario - zimbra mail server (which works brilliantly) running on Ubuntu LTS 6.06.

The web mail client works well through the apache reverse proxy, but the zimbra desktop client has trouble synchronizing with the above mentioned java error messages.

Has there been any updates to the UserServlet?

I dont have the mod_proxy rewrites turned on as far as i can see, just the proxypass and proxyreversepass in apache.
Reply With Quote

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

Zimbrablog.com