
Thread: Zimbra https proxy with apache

  1. #11
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    Hi community,

    This issue is a show-stopper right now. I need that one solved before I can switch this server into production. Everybody's waiting for it...

    I just saw that I get another error message in Internet Explorer:
    code: AjxException.INVALID_PARAM
    method: AjxXmlDoc.loadFromString
    detail:

    What else can I try?

    Thanks a lot!

  2. #12
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Are you connecting to the proxy using http or https?
    Is the connection between the proxy and Zimbra http or https?

    Could you post your exact setup (httpd.conf)?

  3. #13
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    The communication to the proxy is https, as is the communication between the proxy and Zimbra.

    I use the same certificates for apache and Zimbra.

    My httpd.conf looks like:

    HTML Code:
    <VirtualHost *:443>
        ServerAdmin webmaster@domain.ch
        ServerName secure.domain.ch

        DocumentRoot /var/www/

        SSLProxyEngine On

        SSLProxyCACertificateFile /etc/ssl/certs/UTNAddTrustServerCA.crt
        RequestHeader set Front-End-Https On
        ProxyPreserveHost On

        ProxyRequests Off
        ProxyVia full
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        <Location "/zimbra">
            SetEnv force-proxy-request-1.0 1
            SetEnv proxy-nokeepalive 1
            ProxyPass https://mail.domain.ch:443/zimbra
            ProxyPassReverse https://mail.domain.ch:443/zimbra
        </Location>

        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/secure.crt
        SSLCertificateKeyFile /etc/ssl/certs/secure.key
        SSLCertificateChainFile /etc/ssl/certs/secure.ca-bundle
        SSLProtocol all
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL

    </VirtualHost>

    Besides this, I have many other 'Location' blocks where I use a proxy for other services on different servers. They all work without any problem. They all use https as well.

    So far, I tried all kinds of combinations in the config file...

  4. #14
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Proxying "/zimbra" is not enough (anything shared needs /home/user/anything).

    Did you try to proxy the whole "/", something like:
    Code:
    ProxyPass        / https://internal-zimbra-server.domain/ 
    ProxyPassReverse / https://internal-zimbra-server.domain/
    Last edited by Klug; 02-07-2008 at 06:25 AM.

  5. #15
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    I just updated the config with your suggestion - unfortunately it doesn't change anything and I still get the same error...

  6. #16
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    Sorry for bringing up this post again - but I'm still struggling with this issue. I couldn't find a solution so far...

    Is anybody running a similar setup?

    Thanks for your tips!

  7. #17
    mjp
    mjp is offline Active Member
    Join Date
    Feb 2008
    Location
    Austria
    Posts
    32
    Rep Power
    7

    Default

    hello,

    you might have mod_security installed and have a look at the mod_security logs...?

    what did the trick for me was disabling some rules for the vhost proxying zimbra:
    SecRuleRemoveById 960010 950006 960015 960017 970903

    as suggested in:
    Zimbra with reverse proxy, mod_security and without external relay MTA « Francesco Crippa

    bye

  8. #18
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default Solved

    Hi,

    I just figured out what was missing:
    I only had a reverse proxy for mailserver/zimbra and mailserver/service. As soon as I put another reverse proxy directive for mailserver/home, it worked!

    Thanks everybody for their tips.
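
An added example, not part of the original posts and not the poster's actual file: the virtual host from post #13 with the three proxied paths named in post #18 (/zimbra, /service, /home). The back-end URLs for /service and /home, the tightened SSLProtocol and SSLCipherSuite lines, SSLProxyVerify and the verify depth are assumptions of this example, not settings reported in the thread.

```apache
# Added example (assumptions marked). Hostnames and file paths are from post #13.
<VirtualHost *:443>
    ServerAdmin webmaster@domain.ch
    ServerName  secure.domain.ch

    # Front-end TLS. Assumption: replaces "SSLProtocol all" and the
    # "+LOW:+EXP:+eNULL" cipher string, which permit SSLv2/SSLv3, export-grade
    # ciphers and suites with no encryption at all.
    SSLEngine On
    SSLCertificateFile      /etc/ssl/certs/secure.crt
    SSLCertificateKeyFile   /etc/ssl/certs/secure.key
    SSLCertificateChainFile /etc/ssl/certs/secure.ca-bundle
    SSLProtocol    all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5

    # Back-end TLS. SSLProxyVerify defaults to "none", so naming a CA file
    # alone does not make the proxy check Zimbra's certificate.
    SSLProxyEngine On
    SSLProxyCACertificateFile /etc/ssl/certs/UTNAddTrustServerCA.crt
    SSLProxyVerify      require   # assumption: not in the posted config
    SSLProxyVerifyDepth 3         # assumption: adjust to the CA chain length

    ProxyRequests     Off         # reverse proxy only, never a forward proxy
    ProxyPreserveHost On
    RequestHeader set Front-End-Https On

    # Web client
    <Location "/zimbra">
        ProxyPass        https://mail.domain.ch:443/zimbra
        ProxyPassReverse https://mail.domain.ch:443/zimbra
    </Location>

    # Assumed back-end URL for the path post #18 calls mailserver/service
    <Location "/service">
        ProxyPass        https://mail.domain.ch:443/service
        ProxyPassReverse https://mail.domain.ch:443/service
    </Location>

    # The path that was missing in post #13 (shared items live under /home)
    <Location "/home">
        ProxyPass        https://mail.domain.ch:443/home
        ProxyPassReverse https://mail.domain.ch:443/home
    </Location>
</VirtualHost>
```

Listing only the paths Zimbra needs, rather than proxying all of "/", keeps the rest of the back-end server unreachable through this virtual host.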

  9. #19
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Very strange that worked while what I suggested in post #14 didn't.

  10. #20
    mjp
    mjp is offline Active Member
    Join Date
    Feb 2008
    Location
    Austria
    Posts
    32
    Rep Power
    7

    Default

    By the way, is there a reason why "ProxyPreserveHost On" is needed?
    Does anyone know?

    I have different apache reverse proxies inside vhosts, which point to different vhosts on the zimbra server. So the users can just log in with their username without the domain part.

    But with ProxyPreserveHost On it is not working, the Zimbra server doesn't seem to recognize which virtual host the proxy connects to, with the above Off it works.

    The public service host name on the zimbra domains matches the ServerName of the proxy vhost, of course. Otherwise it would not work at all afaik.

    regards
