Results 1 to 2 of 2

Thread: Access Zimbra on port 443 via apache

  1. #1
    Join Date
    Dec 2006
    Posts
    38
    Rep Power
    8

    Question Access Zimbra on port 443 via apache

    Hi,

    I have already posted part of this in another thread. Here I post my status at the moment.

    I have a server running Apache (http port 80, https port 443) and zimbra (zimbraMailPort 7070, zimbraMailSSLPort 7443).

    In short:

    1) I manage to access zimbra via http at port 7070
    2) I manage to access zimbra via http at port 80 using mod_jk Zimbra with Apache using mod jk - ZimbraWiki
    3) I manage to access zimbra via https at port 7443 using zmtlsctl https
    4) I DO NOT MANAGE to access zimbra via https at port 443

    %%%%% HTTP ACCESS OVER PORT 80 %%%%%%%%%

    • installed mod_jk

    • created a file /etc/httpd/conf/workers.properties with following text:

      Code:
      worker.zimbraworker.type=ajp13
      worker.zimbraworker.host=localhost
      worker.zimbraworker.port=8012
      worker.zimbraworker.lbfactor=1
      workers.tomcat_home=/opt/zimbra/tomcat
      workers.java_home=/opt/zimbra/java

    • added into /etc/httpd/conf/httpd.conf the following text

      Code:
      # Load mod_jk module
      # Update this path to match your modules location
      LoadModule jk_module modules/mod_jk.so
      # Declare the module for <IfModule directive> (remove this line on Apache 2.x)
      # AddModule mod_jk.c
      
      # Where to find workers.properties
      # Update this path to match your conf directory location (put workers.properties next to httpd.conf)
      JkWorkersFile /etc/httpd/conf/workers.properties
      
      # Where to put jk logs
      # Update this path to match your logs directory location (put mod_jk.log next to access_log)
      JkLogFile /etc/httpd/logs/mod_jk.log
      # Set the jk log level [debug/error/info]
      JkLogLevel info
      # Select the log format
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
      
      # JkOptions indicate to send SSL KEY SIZE,
      JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
      
      # JkRequestLogFormat set the request format
      JkRequestLogFormat "%w %V %T"
      
      
      <VirtualHost *>
      ServerAdmin netmaster@domain.example
      ServerName server.domain.example
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteLog logs/server_rewrite.log
      RewriteLogLevel 0
      RewriteRule ^/$ http://server.domain.example/zimbra
      </IfModule>
      JkMount /zimbra zimbraworker
      JkMount /zimbra/ zimbraworker
      JkMount /zimbra/* zimbraworker
      JkMount /service zimbraworker
      JkMount /service/ zimbraworker
      JkMount /service/* zimbraworker
      JkMount /zimbraAdmin zimbraworker
      JkMount /zimbraAdmin/ zimbraworker
      JkMount /zimbraAdmin/* zimbraworker
      JkMount //zimbra zimbraworker
      ErrorLog logs/server.domain.example-error_log
      CustomLog logs/server.domain.example-access_log common
      </VirtualHost>

    [LIST]
    in /opt/zimbra/tomcat/conf/server.xml there is the text
    Code:
     <Service name="Catalina">
            <!-- user services connector, no SSL -->
            <!-- HTTPBEGIN -->
            <Connector port="7070"
                       acceptCount="1024" URIEncoding="UTF-8"
                       enableLookups="false" redirectPort="7443"
                       compression="on"
                       compressionMinSize="1024"
                       compressableMimeType="text/html,text/plain,text/css"
                       noCompressionUserAgents=".*MSIE 6.*"
                       maxThreads="100" minSpareThreads="100" maxSpareThreads="100"/>
    • added in /opt/zimbra/tomcat/conf/server.xml and /opt/zimbra/tomcat/conf/server.xml.in the following text:
      Code:
      <Connector port="8012" acceptCount="1024" enableLookups="false" redirectPort="7443" protocol="AJP/1.3" />
      just before
      Code:
      <Engine name="Catalina" defaultHost="localhost">

    • added into
      /opt/zimbra/apache-tomcat-5.5.15/webapps/service/WEB-INF/web.xml and /opt/zimbra/apache-tomcat-5.5.15/conf/service.web.xml.in
      the ports 443 and 80 in all allowed.ports instances

    • restart tomcat
      Code:
      tomcat  restart


    with this as I have saied I can access zimbra at
    http://webmail.domain.example


    %%%%% HTTPS ACCESS OVER PORT 443 %%%%%%%%%


    • comment into /etc/httpd/conf/httpd.conf the VirtualHost regarding Zimbra (kept the rest).

    • added into /etc/httpd/conf.d/ssl.conf the following VirtualHost

      Code:
      <VirtualHost webmail.domain.example>
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
        SSLCertificateKeyFile /opt/zimbra/ssl/ssl/server/server.key
        SSLCertificateFile /opt/zimbra/ssl/ssl/server/server.crt
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteLog logs/server_rewrite.log
      RewriteLogLevel 0
      RewriteRule ^/$ https://server.domain.example/zimbra
      </IfModule>
      JkMount /zimbra zimbraworker
      JkMount /zimbra/ zimbraworker
      JkMount /zimbra/* zimbraworker
      JkMount /service zimbraworker
      JkMount /service/ zimbraworker
      JkMount /service/* zimbraworker
      JkMount /zimbraAdmin zimbraworker
      JkMount /zimbraAdmin/ zimbraworker
      JkMount /zimbraAdmin/* zimbraworker
      JkMount //zimbra zimbraworker

    • restart httpd
      Code:
      service httpd restart


    At this point I would wxpect to access zimbra under

    https://webmail.domain.example

    but it does not work!!!!

    As I have saied I have no idea, please help!

  2. #2
    Join Date
    Dec 2006
    Posts
    38
    Rep Power
    8

    Talking Solved

    I have found the problem:

    since before we were not using any https in the httpd.conf the VirtualHosts were set as NameVirtualHost *; <VirtualHost *> in the httpd.conf.
    This was "overwriting" everything that I was setting in the ssl.conf file!

    To have everything consistent and use VirtualHosts in both port 80 and port 443:

    • in httpd.conf I have set
      Code:
      NameVirtualHost *:80
      and define the Virtual Hosts as

      Code:
      <VirtualHost *:80>
      ...................
      ..................
      </VirtualHost>


    • in ssl.conf I have set
      NameVirtualHost *:443

      and define the Virtual Hosts as

      Code:
      <VirtualHost *:443>
      ...................
      ..................
      </VirtualHost>

Similar Threads

  1. https ???
    By CatiaL in forum Administrators
    Replies: 7
    Last Post: 09-16-2009, 06:47 PM
  2. Can't start Zimbra!
    By zibra in forum Administrators
    Replies: 5
    Last Post: 03-22-2007, 11:34 AM
  3. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  4. Replies: 16
    Last Post: 09-07-2006, 06:39 AM
  5. Mail logs
    By Rick Baker in forum Installation
    Replies: 8
    Last Post: 01-17-2006, 03:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •