G'day All
Just thought I'd post this solution to help anyone unable to sync Zimbra 5 using SSL when Zimbra is behind an Apache Proxy server.
We use Apache 2 to proxy requests to Zimbra and some other web servers in our network. After upgrading to Zimbra 5 we noticed that email was no longer syncing using SSL on our Nokia E61s using Mail for Exchange 2.02 (i.e. it just failed with the error: 'Connection error'). It is important to note that webmail was working fine on both HTTP and HTTPS; and that syncing using a non-SSL connection was also working. Only sync using SSL was failing with this setup.
The following entries appear in the Apache Proxy server access log.
Code:
69.200.121.1 - - [03/Jan/2008:14:25:02 +1100] "OPTIONS /Microsoft-Server-ActiveSync?User=somedood%40something.net&DeviceId=IMEI356213000206945&DeviceType=IMEI356213000206945 HTTP/1.1" 200 - "-" "NokiaE61/1.0"
69.200.121.1 - - [03/Jan/2008:14:25:02 +1100] "POST /Microsoft-Server-ActiveSync?User=somedood%40something.net&DeviceId=IMEI356213000206945&DeviceType=IMEI356213000206945&Cmd=FolderSync HTTP/1.1" 502 - "-" "NokiaE61/1.0"
The following entries appear in the Apache Proxy server error log.
Code:
[Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: error reading status line from remote server webmail.something.net
[Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: Error reading from remote server returned by /Microsoft-Server-ActiveSync
[Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: error reading status line from remote server webmail.something.net
[Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: Error reading from remote server returned by /error/HTTP_BAD_GATEWAY.html.var
After a fair amount of investigation I tracked the problem down to the way that requests were being proxied to the Zimbra server using SSL. Something has changed in Zimbra 5 which breaks the comms between the proxy server and Zimbra. There was nothing wrong with the Nokia, Mail for Exchange and anything in between. Googling found this post with a similar problem for another system,
Using Apache with mod_proxy - Confluence 2.7 - Confluence
The solution is to use the following in the Apache proxy server.
Code:
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
From mod_proxy - Apache HTTP Server:
Quote:
For circumstances where mod_proxy is sending requests to an origin server that doesn't properly implement keepalives or HTTP/1.1, there are two environment variables that can force the request to use HTTP/1.0 with no keepalive. These are set via the SetEnv directive.
Code:
<Location /buggyappserver/>
ProxyPass http://buggyappserver:7001/foo/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
Our original Apache proxy virtual host configuration (which did work with Zimbra 4.5 Mobile on SSL but does NOT work with Zimbra 5 Mobile SSL).
Code:
<VirtualHost *:443>
ServerAdmin support@something.net
DocumentRoot /srv/www/htdocs/gonzo
ServerName webmail.something.net
ErrorLog /var/log/apache2/webmail.something.net_ssl-error_log
CustomLog /var/log/apache2/webmail.something.net_ssl-access_log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl.crt/something.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/something.net.key
SSLProxyEngine On
SSLProxyVerify none
ProxyPass / https://webmail.something.net/
ProxyPassReverse / https://webmail.something.net/
ProxyRequests Off
ProxyPreserveHost On
</VirtualHost>
And below is the updated Apache proxy virtual host configuration which now works with Zimbra 5 Mobile and SSL.
Code:
<VirtualHost *:443>
ServerAdmin support@something.net
DocumentRoot /srv/www/htdocs/gonzo
ServerName webmail.something.net
ErrorLog /var/log/apache2/webmail.something.net_ssl-error_log
CustomLog /var/log/apache2/webmail.something.net_ssl-access_log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl.crt/something.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/something.net.key
SSLProxyEngine On
SSLProxyVerify none
ProxyPass / https://webmail.something.net/
ProxyPassReverse / https://webmail.something.net/
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass https://webmail.something.net
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
</VirtualHost>
Hope this helps someone else (this took about 8 hours to solve).
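
An added example (not part of the original post): a Python sketch that finds the symptom described above by pairing 502 responses on /Microsoft-Server-ActiveSync in the access log with "error reading status line from remote server" entries in the error log for the same client. The sample log lines are constructed from the excerpts in the post, and the function name, the two-second matching window and the assumption that both logs use the same local clock are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data modelled on the log excerpts in the post
# (DeviceId shortened to a placeholder; the GET line is invented).
ACCESS_LOG = """\
69.200.121.1 - - [03/Jan/2008:14:25:01 +1100] "GET /zimbra/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
69.200.121.1 - - [03/Jan/2008:14:25:02 +1100] "OPTIONS /Microsoft-Server-ActiveSync?User=u&DeviceId=IMEI0 HTTP/1.1" 200 - "-" "NokiaE61/1.0"
69.200.121.1 - - [03/Jan/2008:14:25:02 +1100] "POST /Microsoft-Server-ActiveSync?User=u&DeviceId=IMEI0&Cmd=FolderSync HTTP/1.1" 502 - "-" "NokiaE61/1.0"
"""
ERROR_LOG = """\
[Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: error reading status line from remote server webmail.something.net
[Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: Error reading from remote server returned by /Microsoft-Server-ActiveSync
"""

ACCESS_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')
ERROR_RE = re.compile(r'\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] '
                      r'proxy: error reading status line from remote server (?P<backend>\S+)')

def failed_sync_requests(access_text, error_text, window=timedelta(seconds=2)):
    """Return 502 ActiveSync requests, each with the backends named in
    proxy read errors logged for the same client within `window`."""
    errors = []
    for line in error_text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            ts = datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y')
            errors.append((m['ip'], ts, m['backend']))
    findings = []
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m or m['status'] != '502':
            continue
        if not m['url'].startswith('/Microsoft-Server-ActiveSync'):
            continue
        # The error log has no UTC offset; assume both logs use server local time.
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').replace(tzinfo=None)
        cmd = re.search(r'[?&]Cmd=([^&]+)', m['url'])
        backends = sorted({b for ip, ets, b in errors
                           if ip == m['ip'] and abs(ets - ts) <= window})
        findings.append({'client': m['ip'], 'method': m['method'],
                         'cmd': cmd.group(1) if cmd else None,
                         'backends': backends})
    return findings

if __name__ == '__main__':
    for f in failed_sync_requests(ACCESS_LOG, ERROR_LOG):
        print(f)
```

A finding with an empty backends list means the 502 had no matching read error in the window, which points away from the keepalive/HTTP/1.1 problem described in the post.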