Results 1 to 6 of 6

Thread: mod proxy to zimbraAdmin does not load admin page

  1. #1
    Join Date
    Sep 2008
    Posts
    1
    Rep Power
    7

    Default mod proxy to zimbraAdmin does not load admin page

    First I'd like to say that so far I'm loving Zimbra, it does everything I need and has been really easy to setup- it's exceeded all of my expectations.

    I currently have zimbra 5.0.9 setup with a split horizon dns behind an ipcop firewall. 1 server is hosting zimbra and several websites (not through a VM). I have Zimbra's web port set to 81 and ssl to 445 because I need 80 and 443 open for my webserver. I've setup the following virtual host definition for webmail which works fine:

    Code:
    <VirtualHost *:443>
            ServerAdmin postmaster@mydomain.com
            ServerName webmail.mydomain.com
    
            SSLEngine on
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
            SSLCertificateFile /etc/apache2/ssl/webmail.mydomain.com.crt
            SSLCertificateKeyFile /etc/apache2/ssl/webmail.mydomain.com.key
    
            SSLProxyEngine on
            SSLProxyCACertificateFile /etc/apache2/ssl/zimbra.crt
    
            RequestHeader set Front-End-Https On
            ProxyRequests On
            ProxyPreserveHost On
            ProxyVia full
    
            <Proxy *>
                    Order deny,allow
                    Allow from all
            </Proxy>
    
            ProxyPass /        https://webmail.mydomain.com:445/
            ProxyPassReverse / https://webmail.mydomain.com:445/
    
            ErrorLog /home/www/www.mydomain.com/logs/error_webmail.log
            CustomLog /home/www/www.mydomain.com/logs/access_webmail.log common
    </VirtualHost>
    I also have:

    Code:
    <VirtualHost *:443>
            ServerAdmin postmaster@mydomain.com
            ServerName zcs.mydomain.com
    
            SSLEngine on
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
            SSLCertificateFile /etc/apache2/ssl/zcs.mydomain.com.crt
            SSLCertificateKeyFile /etc/apache2/ssl/zcs.mydomain.com.key
    
            SSLProxyEngine on
            SSLProxyCACertificateFile /etc/apache2/ssl/zimbra.crt
    
            RequestHeader set Front-End-Https On
            ProxyRequests On
            ProxyPreserveHost On
            ProxyVia full
    
            <Proxy *>
                    Order deny,allow
                    Allow from all
            </Proxy>
    
            ProxyPass        / https://zcs.mydomain.com:7071/
            ProxyPassReverse / https://zcs.mydomain.com:7071/
    
            ErrorLog /home/www/www.mydomain.com/logs/error_admin.log
            CustomLog /home/www/www.mydomain.com/logs/access_admin.log common
    </VirtualHost>
    My current problem is that when I try to access https://zcs.mydomain.com/ I'm getting the /zimbra webmail access and not the /zimbraAdmin access that I need. Consequently, if I login I receive the following error:

    Code:
    A network service error has occurred. msg: system failure: Request not allowed on port 7071

    Additionally if I try to explicitly access /zimbraAdmin through https://zcs.mydomain.com/zimbraAdmin I get the following:
    Code:
    Request not allowed on port 443
    If anyone has any ideas it would be a great help, if you need any config / log files please let me know.

  2. #2
    Join Date
    Mar 2008
    Location
    London
    Posts
    3
    Rep Power
    7

    Default proxypreversehost ?

    Playing around with proxypreversehost helps, IIRC.
    Comparing our configs, that's what strikes me as different with mine (which works, mostly.. Trying to figure out a couple of problems with the documents and wiki)

    Code:
    <VirtualHost *:443>
    ServerName zimbra-management.domain
    SSLEngine on
    SSLProxyEngine on
    (...)
             ProxyRequests off
    #       ProxyPreserveHost on # breaks the admin, IIRC
             ProxyPass / https://localhost:7071/
             ProxyPassReverse / https://localhost:7071/
    </VirtualHost>
    
    <VirtualHost *:443>
    ServerName zimbra.domain
    ServerAlias webmail.domain
    SSLEngine on
    SSLProxyEngine on
    (...)
             ProxyPreserveHost on
             ProxyRequests off
             ProxyPass / https://localhost:4443/
             ProxyPassReverse / https://localhost:4443/
    </VirtualHost>

  3. #3
    Join Date
    Oct 2006
    Posts
    21
    Rep Power
    9

    Default

    i'v got the same error but on Zimbra 7.1.3 (migrated from a 5.0.xx)

    Code:
    <VirtualHost *:443>
    	DocumentRoot /
    	<Directory "/">
    	allow from all
    	Options +Indexes
    	</Directory>
    	
    	ServerAdmin postmaster@mydom.net
    	ServerName zcs.mydom.net
    	
    	SSLEngine on
    	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    	SSLCertificateFile /tmp/certificats/server.crt
    	SSLCertificateKeyFile /tmp/certificats/server.key
    	
    	SSLProxyEngine on
    	SSLProxyCACertificateFile /opt/zimbra/ssl/zimbra/server/server.crt
    	
    	RequestHeader set Front-End-Https On
    	ProxyRequests Off
    	#ProxyPreserveHost On
    	ProxyVia full
    	
    	<Proxy *>
    			Order deny,allow
    			Allow from all
    	</Proxy>
    	
    	ProxyPass        / http://localhost:7071/
    	ProxyPassReverse / http://localhost:7071/
    	
    	ErrorLog /tmp/zcs.mydom.net.error_admin.log
    	CustomLog /tmp/zcs.mydom.net.access_admin.log common
    </VirtualHost>

  4. #4
    Join Date
    Dec 2009
    Posts
    12
    Rep Power
    6

    Default

    I'm getting this same issue except I'm using the identical virtualhost configuration that worked with version 6. This is my .conf:

    Code:
    NameVirtualHost *:443
    
    <VirtualHost *:443>
    DocumentRoot /
    ServerName zimbraadmin.mydomain.net
    <Directory "/">
    allow from all
    Options +Indexes
    </Directory>
        <proxy *>
        Order deny,allow
       Allow from all
        </proxy>
    
    SSLProxyEngine On
    ProxyPass / https://localhost:7071/
    ProxyPassReverse / https://localhost:7071/
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem
    </VirtualHost>
    The tracelog looks like it starts to load the Admin panel then immediately changes it's mind and loads the Web client

    Code:
    10:44:23.170:btpool0-8://localhost:7071/service/admin/soap/GetDomainInfoRequest 127.0.0.1 POST null; ZCS 7.2.0_GA_2669
    10:44:23.174:btpool0-8://localhost:7071/service/admin/soap/GetDomainInfoRequest 200 text/xml; charset=utf-8 423
    10:44:23.189:btpool0-0://zimbraadmin.mydomain.net/ 200 text/html; charset=utf-8 10587
    10:44:23.241:btpool0-8://zimbraadmin.mydomain.net/zimbra/css/common,login,zhtml.css?skin=carbon&v=120410005122 10.0.1.100 GET ZM_TEST=true; Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1150.0 Safari/537.1
    10:44:23.243:btpool0-7://zimbraadmin.mydomain.net/zimbra/css/skin.css?skin=carbon&v=120410005122 10.0.1.100 GET ZM_TEST=true; Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1150.0 Safari/537.1
    10:44:23.249:btpool0-7://zimbraadmin.mydomain.net/zimbra/css/skin.css?skin=carbon&v=120410005122 200 text/css 3307
    10:44:23.269:btpool0-8://zimbraadmin.mydomain.net/zimbra/css/common,login,zhtml.css?skin=carbon&v=120410005122 200 text/css 7335
    10:44:23.287:btpool0-8://zimbraadmin.mydomain.net/zimbra/skins/carbon/logos/LoginBanner.png 10.0.1.100 GET ZM_TEST=true; Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1150.0 Safari/537.1
    10:44:23.292:btpool0-8://zimbraadmin.mydomain.net/zimbra/skins/carbon/logos/LoginBanner.png 304 null 0
    10:44:23.292:btpool0-7://zimbraadmin.mydomain.net/zimbra/skins/carbon/logos/AltBanner.png 10.0.1.100 GET ZM_TEST=true; Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1150.0 Safari/537.1
    10:44:23.296:btpool0-8://zimbraadmin.mydomain.net/zimbra/skins/carbon/img/vmwarePeel.png 10.0.1.100 GET ZM_TEST=true; Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1150.0 Safari/537.1
    10:44:23.298:btpool0-8://zimbraadmin.mydomain.net/zimbra/skins/carbon/img/vmwarePeel.png 304 null 0
    10:44:23.305:btpool0-7://zimbraadmin.mydomain.net/zimbra/skins/carbon/logos/AltBanner.png 304 null 0
    10:44:23.312:btpool0-7://zimbraadmin.mydomain.net/zimbra/img/logo/favicon.ico 10.0.1.100 GET ZM_TEST=true; Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1150.0 Safari/537.1
    10:44:23.314:btpool0-7://zimbraadmin.mydomain.net/zimbra/img/logo/favicon.ico 200 image/x-icon 1406
    A work around would be to use the full "https://localhost:7071/zimbraAdmin/" in the virtualhost configuration except for the "Request not allowed on port 443" error. This used to enable access to the Admin panel over port 443:

    Code:
    edit /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in and add port 443 to the allowed ports like so.
           <context-param>
                   <param-name>admin.allowed.ports</param-name>
                   <param-value>7071, 443</param-value>
           </context-param>
    What is the equivalent with version 7?

    Also if anyone has mod_proxy working with the admin panel and Apache 2.2.14 please post your .conf.

  5. #5
    Join Date
    Oct 2006
    Posts
    21
    Rep Power
    9

    Default

    i think you have to watch for those global conf value :
    zimbraPublicServicePort : 443
    zimbraPublicServiceProtocol : https
    and
    zimbraMailMode : http


    in my config the proxy for webmail is https by apache and http proxy to Zimbra webmail


    <VirtualHost *:443>
    ServerAlias zadmin.*
    <IfModule mod_proxy.c>
    ProxyRequests On
    ProxyPreserveHost On
    ProxyVia On
    SSLProxyEngine ON
    RequestHeader set Front-End-Https On
    ProxyRequests On
    ProxyPreserveHost On
    SSLProxyEngine ON
    SSLEngine On
    ProxyVia full
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile ../server.crt
    SSLCertificateKeyFile ../server.key
    ProxyPass / https://localhost:7071/
    ProxyPassReverse / https://localhost:7071/
    </IfModule>
    ErrorLog /var/log/httpd/zimbra-proxy-error.log
    </VirtualHost>


    so any zadmin.<domain> goes to the admin

  6. #6
    Join Date
    Jul 2013
    Posts
    1
    Rep Power
    2

    Default

    [QUOTE=Fooshnik;244218]
    Code:
    edit /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in and add port 443 to the allowed ports like so.
           <context-param>
                   <param-name>admin.allowed.ports</param-name>
                   <param-value>7071, 443</param-value>
           </context-param>
    I confirm that it works well for Zimbra 8 for me.

Similar Threads

  1. Replies: 42
    Last Post: 01-29-2010, 12:03 AM
  2. Replies: 5
    Last Post: 08-27-2008, 06:58 AM
  3. Replies: 3
    Last Post: 08-21-2008, 03:15 PM
  4. Issue with FF3 + ZCS 4.5.11 admin page?
    By SSS in forum Administrators
    Replies: 6
    Last Post: 06-23-2008, 11:33 AM
  5. [SOLVED] Edit Button in Documents Gray After Upgrade
    By weathertation in forum Administrators
    Replies: 10
    Last Post: 05-14-2008, 01:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •