Results 1 to 9 of 9

Thread: zdesktop and reverse proxy

Hybrid View

  1. #1
    Join Date
    Feb 2006
    Posts
    92
    Rep Power
    9

    Default zdesktop and reverse proxy

    I have installed zdesktop and it works ok when im in my office.
    We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.

    Are any constrains about this setup, because zdesktop do not work when im outside.
    Patricio Bruna
    http://www.itlinux.cl

  2. #2
    Join Date
    Jan 2007
    Posts
    1,688
    Rep Power
    11

    Default

    If you have a reverse proxy then it should work. Have you tried it? Are you having problems?

  3. #3
    Join Date
    Aug 2006
    Posts
    29
    Rep Power
    9

    Default

    Quote Originally Posted by jjzhuang View Post
    If you have a reverse proxy then it should work. Have you tried it? Are you having problems?
    I am having the exact same problem. I have the real zimbra http on the same IP as apache but on port 7070. Web client access works perfectly, activesync also works ok, but zdesktop spits out java exceptions on mailbox.log.

    Here is one:

    2007-09-05 00:34:22,097 ERROR [Timer-Offline-Main] [] offline - failed to sync account eduardo@<mydomain>
    com.zimbra.common.service.ServiceException: resource unreachable: Internal Server Error
    at com.zimbra.common.service.ServiceException.RESOURC E_UNREACHABLE(ServiceException.java:197)
    at com.zimbra.cs.service.UserServlet.getRemoteResourc eInternal(UserServlet.java:1076)
    at com.zimbra.cs.service.UserServlet.getRemoteResourc e(UserServlet.java:1052)
    at com.zimbra.cs.mailbox.InitialSync.syncMessage(Init ialSync.java:817)
    at com.zimbra.cs.mailbox.InitialSync.syncMessagelikeI tems(InitialSync.java:317)
    at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:233)
    at com.zimbra.cs.mailbox.InitialSync.prioritySync(Ini tialSync.java:283)
    at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:261)
    at com.zimbra.cs.mailbox.InitialSync.initialFolderSyn c(InitialSync.java:272)
    at com.zimbra.cs.mailbox.InitialSync.resume(InitialSy nc.java:175)
    at com.zimbra.cs.mailbox.InitialSync.resume(InitialSy nc.java:163)
    at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTa sk.sync(OfflineMailboxManager.java:128)
    at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTa sk.run(OfflineMailboxManager.java:98)
    at java.util.TimerThread.mainLoop(Unknown Source)
    at java.util.TimerThread.run(Unknown Source)

    Apache logs at the same time shows this request:

    24.232.34.202 - - [05/Sep/2007:00:39:28 -0400] "GET /home/~/?fmt=sync&nohdr=1&id=47903 HTTP/1.1" 500 1682


    Thanks.

  4. #4
    Join Date
    Jan 2007
    Posts
    1,688
    Rep Power
    11

    Default

    If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.

    You can try this. After using webclient to login, in the browser window try this URL:

    http://<proxy-host-port>/home/~/?fmt=sync&nohdr=1&id=47903

    It will probably choke the same way.

  5. #5
    Join Date
    Aug 2006
    Posts
    29
    Rep Power
    9

    Default

    Quote Originally Posted by jjzhuang View Post
    If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.

    You can try this. After using webclient to login, in the browser window try this URL:

    http://<proxy-host-port>/home/~/?fmt=sync&nohdr=1&id=47903

    It will probably choke the same way.
    you were right... zimbra chokes and an error 500 appears on the browser window:

    java.lang.StringIndexOutOfBoundsException: String index out of range: 4
    java.lang.String.substring(String.java:1765)
    com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
    com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
    javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
    com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
    javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    com.zimbra.webClient.filters.SetHeaderFilter.doFil ter(SetHeaderFilter.java:286)

    But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.

    Somehow it does not look like an apache misconfiguration...

  6. #6
    Join Date
    Aug 2006
    Posts
    29
    Rep Power
    9

    Default

    Quote Originally Posted by ekaftan View Post
    you were right... zimbra chokes and an error 500 appears on the browser window:

    java.lang.StringIndexOutOfBoundsException: String index out of range: 4
    java.lang.String.substring(String.java:1765)
    com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
    com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
    javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
    com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
    javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    com.zimbra.webClient.filters.SetHeaderFilter.doFil ter(SetHeaderFilter.java:286)

    But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.

    Somehow it does not look like an apache misconfiguration...
    ah... when that error 500 appears, this gets logged in /opt/zimbra/log/mailbox.log:

    2007-09-05 01:03:39,433 ERROR [http-7070-Processor99] [name=ekaftan@<mydomain>;mid=2;ip=24.232.34.202;] [UserServlet] - Servlet.service() for servlet UserServlet threw exception
    java.lang.StringIndexOutOfBoundsException: String index out of range: 4
    at java.lang.String.substring(String.java:1765)
    at com.zimbra.cs.service.UserServlet$Context.<init>(U serServlet.java:616)
    at com.zimbra.cs.service.UserServlet.doGet(UserServle t.java:255)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:162)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)

  7. #7
    Join Date
    Mar 2007
    Location
    Regina, Sask.
    Posts
    215
    Rep Power
    8

    Default

    Quote Originally Posted by pbruna View Post
    I have installed zdesktop and it works ok when im in my office.
    We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.

    Are any constrains about this setup, because zdesktop do not work when im outside.
    Are you proxying http or https? I've noticed some incidents with https that make life a little more complicated but it still should be possible. Can you give any more details as to what and how you are proxing but not use real IP's?

    Here's a couple of example parameters I've needed to proxy for standard 80 and 443:

    For 80 (in apache) I'll use Vhosts as an example:

    Code:
    <VirtualHost external.ip.address>
    ServerName external.resolved.hostname
    ServerAdmin someone@domain.com
    NoCache *
    ProxyVia on
    ProxyPass         / http://<internal IP address being proxied to>/
    ProxyPassReverse  / http://<internal IP address being proxied to>/
    </VirtualHost>
    HTTPS is a bit different:
    Code:
    <VirtualHost external.resolvable.ip:443>
    ServerName external.resolvable.address
    ProxyPreserveHost      On
    ProxyTimeout    100
    RedirectMatch ^/$ https://<proxied.to.resolvable.name>/
    ProxyPass              /    https://<proxied.to.resolvable.name>/
    ProxyPassReverse       /    https://<proxied.to.resolvable.name>/
    SSLProxyEngine  On
    SSLCertificateFile /path/to/certificate.crt
    SSLCertificateKeyFile /path/to/key.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    </VirtualHost>
    Ok I know this doesn't solve a problem but I can confirm that both of these configurations work for reverse proxy using apache externally proxying in to another machine/service using both SSL and standard HTTP. If you can confirm a similar setup it should be safe to assume the proxying is working and there might be another issue.

    Can you access your webclient outside of work through the reverse proxy? (not using the Zimbra Desktop application)

    Regards,
    Lonny

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •