
Thread: Best Practice (Zimbra / Apache / other services)

  1. #1
    Join Date
    Aug 2008
    Posts
    32
    Rep Power
    7

    Default Best Practice (Zimbra / Apache / other services)

    Hi there

    My WAF is constantly going down right now, as she can't access the webmail feature from work, which is obvious, as I redirect to TCP port 444 to get 443 free for Apache.

    So, my weekend task is to fix this issue.

    I've read a lot about using Zimbra and Apache (virtual hosts) on the same server and I know it's not the preferred way, but getting another root server just for Zimbra is obviously not MY preferred way :-)

    I do have an option for several IP addresses for my root server and actually thought it might be a good idea to use a dedicated one for all Zimbra-related stuff.

    So, my idea is:

    - leave all standard mail services to listen on all IP addresses (so that stuff in virtual servers on the "main" IP can access it right away). Do I actually need this? Won't they use these features (phpmail, etc.) anyway through local system calls instead of IP?

    - move the Zimbra Web Services to a dedicated IP, i.e. zimbraAdmin and the webmail interface

    - keep working with all that virtual servers on the original IP.

    I found a wiki entry which is based on 4.5. Has anyone here got it working with v5.x?

    Anyone any other ideas?

    The main problem is that I really need to use default ports for the services, as I can't always touch firewalls (especially not the one in my wife's company).

    Thanks a lot in advance

    f0rd42

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    If you have free IPs and enough memory then why not virtualise your server ?

  3. #3
    Join Date
    Aug 2008
    Posts
    32
    Rep Power
    7

    Default

    Good point, but unfortunately the server only has 2 GB

    f0rd42

  4. #4
    Join Date
    Aug 2008
    Posts
    32
    Rep Power
    7

    Default

    Ok, I tried to follow the available documentation, which leads me to a totally unusable system :-(

    I basically followed this article:

    - I did the postfix change
    - I did the tomcat jetty changes according to this article
    - I did the java changes in ldap according to the first article. Only problem: I can't set zimbraLmtpSSLBindAddress, but I can set zimbraLmtpBindAddress (does it make any difference?)
    - I changed the zmapache settings to listen to a specific IP:port instead of just the port
    - I haven't touched clamd

    my /opt/zimbra/jetty/etc/jetty.xml.in:

    Code:
     <!-- =========================================================== -->
        <!-- Set connectors                                              -->
        <!-- =========================================================== -->
    
        <!-- user services connector, no SSL -->
        <!-- HTTPBEGIN -->
        <Call name="addConnector">
          <Arg>
              <New id="http" class="org.mortbay.jetty.nio.SelectChannelConnector">
                <Set name="port"><SystemProperty name="jetty.port" default="%%zimbraMailPort%%"/></Set>
                <Set name="maxIdleTime">30000</Set>
                <Set name="lowResourceMaxIdleTime">1000</Set>
                <Set name="Acceptors">2</Set>
                <Set name="confidentialPort">%%zimbraMailSSLPort%%</Set>
                <Set name="Host">78.47.207.81</Set>
              </New>
          </Arg>
        </Call>
    <!-- HTTPEND -->
        
        <!-- user services connector, SSL -->
        <!-- HTTPSBEGIN
        <Call name="addConnector">
          <Arg>
            <New id="ssl" class="org.mortbay.jetty.security.SslSelectChannelConnector">
              <Set name="Port">%%zimbraMailSSLPort%%</Set>
              <Set name="Host">78.47.207.81</Set>
              <Set name="maxIdleTime">30000</Set> 
              <Set name="lowResourceMaxIdleTime">1000</Set>
              <Set name="Acceptors">2</Set>
              <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
              <Set name="password">@@mailboxd_keystore_password@@</Set>
              <Set name="ExcludeCipherSuites">
                <Array type="java.lang.String">
                  %%zimbraSSLExcludeCipherSuites%%
                </Array>
              </Set>
            </New>
          </Arg>
        </Call>
    HTTPSEND -->
    
     <!-- =============================================================== -->
        <!-- Admin services connector; requires SSL -->
        <!-- =============================================================== -->
        <Call name="addConnector">
          <Arg>
            <New id="admin" class="org.mortbay.jetty.security.SslSelectChannelConnector">
              <Set name="Port">7071</Set>
              <Set name="Host">78.47.207.81</Set>
              <Set name="maxIdleTime">30000</Set>
              <Set name="lowResourceMaxIdleTime">1000</Set>
              <Set name="Acceptors">2</Set>
              <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
              <Set name="password">@@mailboxd_keystore_password@@</Set>
              <Set name="ExcludeCipherSuites">
                <Array type="java.lang.String">
                  %%zimbraSSLExcludeCipherSuites%%
                </Array>
              </Set>
            </New>
          </Arg>
        </Call>


    my zimbra.web.xml.in:

    Code:
    <context-param>
       <param-name>zimbra.soap.url</param-name>
       <param-value>https:78.47.207.81/service/soap</param-value>
    </context-param>

    my zimbraAdmin.web.xml.in:

    Code:
    <context-param>
       <param-name>zimbra.soap.url</param-name>
       <param-value>http://78.47.207.81/service/soap</param-value>
    </context-param>

    zmprov gives me a:

    Code:
    ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)

    but zmprov -l works fine.

    a zmprov -l gs marvin.dieball.net tells me:

    Code:
    [zimbra@marvin etc]$ zmprov -l gs marvin.dieball.net
    # name marvin.dieball.net
    cn: marvin.dieball.net
    objectClass: zimbraServer
    zimbraAdminPort: 7071
    zimbraAdminURL: /zimbraAdmin
    zimbraAttachmentsIndexedTextLimit: 1048576
    zimbraBackupAutoGroupedInterval: 1d
    zimbraBackupAutoGroupedNumGroups: 7
    zimbraBackupAutoGroupedThrottled: FALSE
    zimbraBackupMode: Standard
    zimbraBackupReportEmailSubjectPrefix: ZCS Backup Report
    zimbraBackupTarget: /opt/zimbra/backup
    zimbraCalendarRecurrenceDailyMaxDays: 730
    zimbraCalendarRecurrenceMaxInstances: 0
    zimbraCalendarRecurrenceMonthlyMaxMonths: 360
    zimbraCalendarRecurrenceOtherFrequencyMaxYears: 1
    zimbraCalendarRecurrenceWeeklyMaxWeeks: 520
    zimbraCalendarRecurrenceYearlyMaxYears: 100
    zimbraClusterType: none
    zimbraFileUploadMaxSize: 10485760
    zimbraHsmAge: 30d
    zimbraHttpNumThreads: 250
    zimbraHttpSSLNumThreads: 50
    zimbraId: 07423a1b-690d-49da-b49e-47d022940a00
    zimbraImapBindAddress: 78.47.207.81
    zimbraImapBindOnStartup: TRUE
    zimbraImapBindPort: 7143
    zimbraImapCleartextLoginEnabled: TRUE
    zimbraImapNumThreads: 200
    zimbraImapProxyBindPort: 143
    zimbraImapSSLBindAddress: 78.47.207.81
    zimbraImapSSLBindOnStartup: TRUE
    zimbraImapSSLBindPort: 7993
    zimbraImapSSLProxyBindPort: 993
    zimbraImapSSLServerEnabled: TRUE
    zimbraImapSaslGssapiEnabled: FALSE
    zimbraImapServerEnabled: TRUE
    zimbraLmtpBindAddress: 78.47.207.81
    zimbraLmtpBindOnStartup: FALSE
    zimbraLmtpBindPort: 7025
    zimbraLmtpNumThreads: 20
    zimbraLmtpPermanentFailureWhenOverQuota: FALSE
    zimbraLmtpServerEnabled: TRUE
    zimbraLogToSyslog: FALSE
    zimbraMailDiskStreamingThreshold: 1048576
    zimbraMailMode: http
    zimbraMailPort: 8080
    zimbraMailProxyPort: 80
    zimbraMailPurgeSleepInterval: 1m
    zimbraMailReferMode: reverse-proxied
    zimbraMailSSLPort: 8443
    zimbraMailSSLProxyPort: 443
    zimbraMailURL: /zimbra
    zimbraMemcachedBindPort: 11211
    zimbraMessageCacheSize: 1671168
    zimbraMtaAntiSpamLockMethod: flock
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: marvin.dieball.net
    zimbraMtaAuthTarget: TRUE
    zimbraMtaAuthURL: https://marvin.dieball.net/service/soap/
    zimbraMtaDnsLookupsEnabled: TRUE
    zimbraMtaMyDestination: localhost
    zimbraMtaMyNetworks: 127.0.0.0/8 213.239.215.67/32 78.47.207.80/28
    zimbraMtaTlsAuthOnly: TRUE
    zimbraNotebookFolderCacheSize: 1024
    zimbraNotebookMaxCachedTemplatesPerFolder: 256
    zimbraNotebookPageCacheSize: 10240
    zimbraNotifyBindPort: 7035
    zimbraNotifySSLBindPort: 7036
    zimbraNotifySSLServerEnabled: TRUE
    zimbraNotifyServerEnabled: TRUE
    zimbraPop3BindAddress: 78.47.207.81
    zimbraPop3BindOnStartup: TRUE
    zimbraPop3BindPort: 7110
    zimbraPop3CleartextLoginEnabled: TRUE
    zimbraPop3NumThreads: 100
    zimbraPop3ProxyBindPort: 110
    zimbraPop3SSLBindAddress: 78.47.207.81
    zimbraPop3SSLBindOnStartup: TRUE
    zimbraPop3SSLBindPort: 7900
    zimbraPop3SSLProxyBindPort: 900
    zimbraPop3SSLServerEnabled: TRUE
    zimbraPop3SaslGssapiEnabled: FALSE
    zimbraPop3ServerEnabled: TRUE
    zimbraRedoLogArchiveDir: redolog/archive
    zimbraRedoLogDeleteOnRollover: TRUE
    zimbraRedoLogEnabled: TRUE
    zimbraRedoLogFsyncIntervalMS: 10
    zimbraRedoLogLogPath: redolog/redo.log
    zimbraRedoLogRolloverFileSizeKB: 102400
    zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
    zimbraRemoteManagementPort: 22
    zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
    zimbraRemoteManagementUser: zimbra
    zimbraReverseProxyHttpEnabled: TRUE
    zimbraReverseProxyImapSaslGssapiEnabled: FALSE
    zimbraReverseProxyImapStartTlsMode: only
    zimbraReverseProxyLookupTarget: TRUE
    zimbraReverseProxyMailEnabled: TRUE
    zimbraReverseProxyMailMode: both
    zimbraReverseProxyPop3SaslGssapiEnabled: FALSE
    zimbraReverseProxyPop3StartTlsMode: only
    zimbraSSLCertificate: 
    KEYKEYKEY
    -----END CERTIFICATE-----
    zimbraSSLPrivateKey: -----BEGIN RSA PRIVATE KEY-----
    KEYKEYKEY
    -----END RSA PRIVATE KEY-----
    zimbraScheduledTaskNumThreads: 20
    zimbraServiceEnabled: antivirus
    zimbraServiceEnabled: antispam
    zimbraServiceEnabled: logger
    zimbraServiceEnabled: mailbox
    zimbraServiceEnabled: mta
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: snmp
    zimbraServiceEnabled: ldap
    zimbraServiceEnabled: spell
    zimbraServiceEnabled: imapproxy
    zimbraServiceHostname: marvin.dieball.net
    zimbraServiceInstalled: antivirus
    zimbraServiceInstalled: antispam
    zimbraServiceInstalled: logger
    zimbraServiceInstalled: mailbox
    zimbraServiceInstalled: mta
    zimbraServiceInstalled: stats
    zimbraServiceInstalled: imapproxy
    zimbraServiceInstalled: snmp
    zimbraServiceInstalled: ldap
    zimbraServiceInstalled: spell
    zimbraSmtpHostname: marvin.dieball.net
    zimbraSmtpPort: 25
    zimbraSmtpSendPartial: FALSE
    zimbraSmtpTimeout: 60
    zimbraSoapRequestMaxSize: 15360000
    zimbraSpellCheckURL: http://marvin.dieball.net:7780/aspell.php
    zimbraSshPublicKey: ssh-dss AKEYKEYKEY== marvin.dieball.net
    zimbraTableMaintenanceGrowthFactor: 10
    zimbraTableMaintenanceMaxRows: 1000000
    zimbraTableMaintenanceMinRows: 10000
    zimbraTableMaintenanceOperation: ANALYZE
    zimbraVirusDefinitionsUpdateFrequency: 2h
    zimbraXMPPEnabled: TRUE

    IMAP(S) connections are not possible any more. Logging in via webmail to the mailbox gives me a zclient.IO error.
    Using the admin backend web interface works.


    Any help would be highly appreciated

    Thanks

    Andre

  5. #5
    Join Date
    Aug 2008
    Posts
    32
    Rep Power
    7

    Default

    While trying to reverse all changes I made in order to give it a fresh start, I've seen that my zimbra.web.xml.in was missing the // in the address.

    Possible that this was the sole problem?

    f0rd42
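
An added example, not part of the thread and not Zimbra code: a small Python check that reads the connector bindings from a jetty.xml like the one posted in #4 and tests the two failure points visible in the thread, namely the `zimbra.soap.url` value without `//` and a client on localhost reaching a connector bound only to the dedicated IP. The XML is a constructed, trimmed copy of the posted file with the port placeholders filled in from the `zmprov -l gs` output; that zmprov connects to the admin port on localhost is an assumption based on the error message.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the connectors from the post's jetty.xml.in, trimmed,
# wrapped in a root element, with the %%...%% port placeholders filled in.
JETTY_XML = """<Configure>
  <Call name="addConnector"><Arg>
    <New id="http" class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set>
      <Set name="Host">78.47.207.81</Set>
    </New></Arg></Call>
  <!-- HTTPSBEGIN
  <Call name="addConnector"><Arg>
    <New id="ssl" class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="Port">8443</Set><Set name="Host">78.47.207.81</Set>
    </New></Arg></Call>
  HTTPSEND -->
  <Call name="addConnector"><Arg>
    <New id="admin" class="org.mortbay.jetty.security.SslSelectChannelConnector">
      <Set name="Port">7071</Set><Set name="Host">78.47.207.81</Set>
    </New></Arg></Call>
</Configure>"""

def active_connectors(xml_text):
    """Map connector id -> (bind host, port); commented-out XML is skipped."""
    found = {}
    for new in ET.fromstring(xml_text).iter("New"):
        props = {}
        for s in new.findall("Set"):
            sysprop = s.find("SystemProperty")
            value = sysprop.get("default") if sysprop is not None else s.text
            props[s.get("name").lower()] = (value or "").strip()
        # A connector without a Host listens on every local address.
        found[new.get("id")] = (props.get("host", "0.0.0.0"), int(props["port"]))
    return found

def refused(target_host, port, connectors):
    """True if no active connector accepts a connection to target_host:port."""
    return not any(p == port and h in ("0.0.0.0", target_host)
                   for h, p in connectors.values())

def soap_url_problem(url):
    """Describe a URL that has a scheme but no host part, else return None."""
    parts = urlsplit(url)
    if parts.scheme and not parts.netloc:
        return f"{url}: '//' missing after '{parts.scheme}:', no host parsed"
    return None
```

With this sample, `refused("127.0.0.1", 7071, ...)` is true while the same port on 78.47.207.81 is reachable, and the `https:78.47.207.81/service/soap` value is reported as having no host.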
