Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Zimbra https proxy with apache

  1. #1
    haensse is offline Member
    Join Date
    Nov 2006
    Posts
    13
    Rep Power
    8

    Default Zimbra https proxy with apache

    Dear forum,

    I'm running zimbra over https. For the access from the internet, the zimbra server is running behind an apache ssl proxy. I get errors like this in the zimbra ui when the webclient is idle for a couple of minutes. When accessing zimbra directly, there is no such error.

    msg - Invalid SOAP PDU
    code - INVALID_PDU
    method - AjxSoapDoc.createFromXml:2
    detail - undefined

    Somewhere must be a connection timeout that causes zimbra to show errors like this?!

    What is the meaning of this error on the zimbra side? Is this really a timeout?

    This is my apache proxy setting. Is this correct?
    Is there a better way to support zimbra behind a ssl proxy? As I would like to use virtual host also for https, I can't see a better way. I only have one ip for different urls!!

    regards

    Dani


    NameVirtualHost *:443
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    #SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    #SSLCACertificatePath /etc/apache2/ssl/ssl.crt
    #SSLCACertificateFile /etc/apache2/ssl/ssl.crt/ca-bundle.crt
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass / https://internal.foobar.com/
    ProxyPassReverse / https://internal.foobar.com/
    ProxyRequests Off
    ProxyTimeout 3600
    # Forward rules
    SetOutputFilter proxy-html
    ProxyHTMLURLMap https://internal.foobar.com/ https://external.foobar.com/
    ProxyHTMLExtended On
    # Compression off
    RequestHeader unset Accept-Encoding
    ServerName external.foobar.com
    ServerAlias external.foobar.ch
    ServerAdmin webmaster@foobar.com
    ErrorLog /var/log/apache2/external.foobar.com-error_log
    CustomLog /var/log/apache2/external.foobar.com-access_log common

  2. #2
    ronald_johnson is offline Starter Member
    Join Date
    Oct 2007
    Posts
    2
    Rep Power
    7

    Default

    I am also running zimbra behind a firewall and allowing remote access through an apache proxy, but I get the following error right after login:

    msg - Invalid SOAP PDU
    code - INVALID_PDU
    method - AjxSoapDoc.createFromXml:2
    detail - undefined

    Dani, did you find an apache proxy setting that allowed you to get rid of the error?

    Regards,
    Ron

  3. #3
    haensse is offline Member
    Join Date
    Nov 2006
    Posts
    13
    Rep Power
    8

    Default

    no, we just moved to scalix

    sorry

    best regards

    Dani

  4. #4
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    These settings below should work.
    The reverse proxy access the https part of Zimbra (if you're using a self-signed certificate you'll have to download and save as /etc/apache2/ssl/zimbra.crt).

    Code:
    <VirtualHost *:443> 
    	
    ServerName reverse.domain.tld
    
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/reverse.domain.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/reverse.domain.tld.key 
    	
    SSLProxyEngine on
    SSLProxyCACertificateFile /etc/apache2/ssl/zimbra.crt 
    
    RequestHeader set Front-End-Https On
    ProxyRequests On
    ProxyPreserveHost On
    ProxyVia full 
    	
    <Proxy *>
      Order deny,allow 
      Allow from all
    </Proxy>
    
    ProxyPass        / https://internal-zimbra-server.domain/ 
    ProxyPassReverse / https://internal-zimbra-server.domain/ 
    	
    </VirtualHost>
    Last edited by Klug; 10-25-2007 at 11:29 PM. Reason: Tiny error in the code

  5. #5
    randall is offline Advanced Member
    Join Date
    Jun 2007
    Location
    Philippines
    Posts
    193
    Rep Power
    8

    Default

    Quote Originally Posted by haensse View Post
    no, we just moved to scalix

    sorry

    best regards

    Dani
    LOL , what's the point?

    let's just try to be more helpful next time we post.

  6. #6
    ronald_johnson is offline Starter Member
    Join Date
    Oct 2007
    Posts
    2
    Rep Power
    7

    Default

    Thanks for the pointers Klug. I've tried the settings, but I still get the "Invalid SOAP PDU" error after authenticating. I know the SSL config is working as I have other services running through proxy already. This appears to be an issue with Tomcat and the apache proxy settings. I will keep working on it.

  7. #7
    Jinx is offline Starter Member
    Join Date
    Oct 2007
    Location
    Australia
    Posts
    2
    Rep Power
    7

    Default

    Thanks Klug! That got HTTPS Proxying working on my Ubuntu Feisty mail server. It is proxying via a Ubuntu Feisty Apache2 server.

    I copied the Zimbra server.key and server.crt from the mailserver's /opt/zimbra/ssl/ssl/server/ directory over to the Apache server's /etc/apache2/ssl dir.

    Had to modify your config slightly, as "Proxy Via full" brought up an error. Used "ProxyVia full" and it seemed to be happy with that.

    Made sure I had the proxy module enabled as well via "a2enmod proxy".

    Thanks again, this has been a long standing issue for me, and one that isn't well documented on the Net (from what I can find anyways).

    Cya round
    Jinx

  8. #8
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Quote Originally Posted by Jinx View Post
    Had to modify your config slightly, as "Proxy Via full" brought up an error. Used "ProxyVia full" and it seemed to be happy with that.
    It's a cut/paste error in my post, I'm correcting it right now.

  9. #9
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    Hello,

    I have the very same error. I use Zimbra Opensource Edition 5.0.1. Both, Zimbra and Apache run on Debian Etch.

    I did all the steps provided above. But I still get the very same error as in post #1 when logging on to Zimbra through Apache.

    I guess, so far this thread was about Zimbra 4.5.x.
    Are there any changes about that in 5.0.1?

    Thanks for some hints!

  10. #10
    m.a.g. is offline Active Member
    Join Date
    Jul 2006
    Location
    Zurich, Switzerland
    Posts
    29
    Rep Power
    9

    Default

    With 5.0.2 I still get the very same error...

    What else can I try?

    Thanks!

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. QUE Failure
    By tbullock in forum Administrators
    Replies: 31
    Last Post: 07-30-2008, 12:17 PM
  2. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 11:38 AM
  3. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  4. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 10:34 PM
  5. Seeming variety of problems on suse-9.1
    By Crexis in forum Installation
    Replies: 52
    Last Post: 03-04-2006, 12:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •