Zimbra

m.a.g. · #11 (**permalink**) 02-06-2008, 11:39 PM

Hi community,

This issue is a show-stopper right now. I need that one solved before I can switch this server into production. Everybody's waiting for it...

I just saw that I get another error message in Internet Explorer:
code: AjxException.INVALID_PARAM
method: AjxXmlDoc.loadFromString
detail:

What else can I try?

Thanks a lot!

Klug · #12 (**permalink**) 02-07-2008, 01:01 AM

Are you connecting to the proxy using http or https ?
Is the connection between the proxy and Zimbra http or https ?

Could you post your exact setup (httpd.conf) ?

m.a.g. · #13 (**permalink**) 02-07-2008, 01:15 AM

The communication to the proxy is https. As well as the communication between the proxy and Zimbra.

I use the same certifiaces for apache and Zimbra.

my httpd.conf looks like:

HTML Code:

<VirtualHost *:443>                                                                                                            
        ServerAdmin webmaster@domain.ch                                                                                    
        ServerName secure.domain.ch                                                                                        
                                                                                                                               
        DocumentRoot /var/www/  

    SSLProxyEngine On                                                                                                          
                                                                                                                                                                                               
    SSLProxyCACertificateFile /etc/ssl/certs/UTNAddTrustServerCA.crt                                                           
    RequestHeader set Front-End-Https On                                                                                       
    ProxyPreserveHost On                                                                                                       
                                                                                                                               
    ProxyRequests Off                                                                                                          
    ProxyVia full                                                                                                              
    <Proxy *>                                                                                                                  
        Order deny,allow                                                                                                       
        Allow from all                                                                                                         
    </Proxy>     
                                                                                                              
                                                                                                                               
    <Location "/zimbra">                                                                                                       
    SetEnv force-proxy-request-1.0 1                                                                                           
    SetEnv proxy-nokeepalive 1                                                                                                 
    ProxyPass https://mail.domain.ch:443/zimbra                                                                            
    ProxyPassReverse https://mail.domain.ch:443/zimbra                                                                     
    </Location>

        SSLEngine On                                                                                                               
    SSLCertificateFile /etc/ssl/certs/secure.crt                                                                               
    SSLCertificateKeyFile /etc/ssl/certs/secure.key                                                                             
    SSLCertificateChainFile /etc/ssl/certs/secure.ca-bundle                                                               
    SSLProtocol all                                                                                                            
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL                                                             
                                                                                                                               
</VirtualHost>

Beside this, I have many other 'Location' where I use a proxy for other services on different servers. They all work without any problem. They all use https as well.

So far, I tried all kind of combinations in the config-file...

Klug · #14 (**permalink**) 02-07-2008, 05:22 AM

Proxying "/zimbra is" not enough (anything shared needs /home/user/anything).

Did you try to proxify the whole "/", something like :

Code:

ProxyPass        / https://internal-zimbra-server.domain/ 
ProxyPassReverse / https://internal-zimbra-server.domain/

m.a.g. · #15 (**permalink**) 02-07-2008, 06:36 AM

I just updated the config with your suggestion - unfortuatly it doesn't change anything and I still get the same error...

m.a.g. · #16 (**permalink**) 02-12-2008, 12:06 AM

Sorry for bringing up this post again - but I'm still struggeling with this issue. I couldn't find a solution so far...

Anybody having a similar setup?

Thanks for your tipps!

mjp · #17 (**permalink**) 02-20-2008, 05:33 PM

hello,

you might have mod_security installed and have a look at the mod_security logs...?

what did the trick for me was disabling some rules for the vhost proxying zimbra:
SecRuleRemoveById 960010 950006 960015 960017 970903

as suggested in:
Zimbra with reverse proxy, mod_security and without external relay MTA « Francesco Crippa

bye

m.a.g. · #18 (**permalink**) 02-21-2008, 01:03 AM

Hi,

I just figuered out what was missing:
I only had a reverse proxy for mailserver/zimbra and mailserver/service. As soon as I put another reverse proxy directive for mailserver/home, it woked!

Thanks everybody for their tipps.

Klug · #19 (**permalink**) 02-21-2008, 01:14 AM

Very strange that worked while what I suggested in post #14 didn't.

mjp · #20 (**permalink**) 02-21-2008, 05:51 PM

By the way, is there a reason why "ProxyPreserveHost On" is needed?
Anyone knows that?

I have different apache reverse proxies inside vhosts, which point to different vhosts on the zimbra server. So the users can just log in with their username without the domain part.

But with ProxyPreserveHost On it is not working, the Zimbra server doesn't seem to recognize which virtual host the proxy connects to, with the above Off it works.

The public service host name on the zimbra domains matches the ServerName of the proxy vhost, of course. Otherwise it would not work at all afaik.

regards

Zimbra

Downloads

Product Information

Toolbox

Why Join?