Results 1 to 10 of 21

Thread: Zimbra https proxy with apache

Hybrid View

  1. #1
    Join Date
    Nov 2006
    Posts
    13
    Rep Power
    9

    Default Zimbra https proxy with apache

    Dear forum,

    I'm running zimbra over https. For the access from the internet, the zimbra server is running behind an apache ssl proxy. I get errors like this in the zimbra ui when the webclient is idle for a couple of minutes. When accessing zimbra directly, there is no such error.

    msg - Invalid SOAP PDU
    code - INVALID_PDU
    method - AjxSoapDoc.createFromXml:2
    detail - undefined

    Somewhere must be a connection timeout that causes zimbra to show errors like this?!

    What is the meaning of this error on the zimbra side? Is this really a timeout?

    This is my apache proxy setting. Is this correct?
    Is there a better way to support zimbra behind a ssl proxy? As I would like to use virtual host also for https, I can't see a better way. I only have one ip for different urls!!

    regards

    Dani


    NameVirtualHost *:443
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    #SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    #SSLCACertificatePath /etc/apache2/ssl/ssl.crt
    #SSLCACertificateFile /etc/apache2/ssl/ssl.crt/ca-bundle.crt
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass / https://internal.foobar.com/
    ProxyPassReverse / https://internal.foobar.com/
    ProxyRequests Off
    ProxyTimeout 3600
    # Forward rules
    SetOutputFilter proxy-html
    ProxyHTMLURLMap https://internal.foobar.com/ https://external.foobar.com/
    ProxyHTMLExtended On
    # Compression off
    RequestHeader unset Accept-Encoding
    ServerName external.foobar.com
    ServerAlias external.foobar.ch
    ServerAdmin webmaster@foobar.com
    ErrorLog /var/log/apache2/external.foobar.com-error_log
    CustomLog /var/log/apache2/external.foobar.com-access_log common

  2. #2
    Join Date
    Oct 2007
    Posts
    2
    Rep Power
    8

    Default

    I am also running zimbra behind a firewall and allowing remote access through an apache proxy, but I get the following error right after login:

    msg - Invalid SOAP PDU
    code - INVALID_PDU
    method - AjxSoapDoc.createFromXml:2
    detail - undefined

    Dani, did you find an apache proxy setting that allowed you to get rid of the error?

    Regards,
    Ron

  3. #3
    Join Date
    Nov 2006
    Posts
    13
    Rep Power
    9

    Default

    no, we just moved to scalix

    sorry

    best regards

    Dani

  4. #4
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    These settings below should work.
    The reverse proxy access the https part of Zimbra (if you're using a self-signed certificate you'll have to download and save as /etc/apache2/ssl/zimbra.crt).

    Code:
    <VirtualHost *:443> 
    	
    ServerName reverse.domain.tld
    
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/reverse.domain.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/reverse.domain.tld.key 
    	
    SSLProxyEngine on
    SSLProxyCACertificateFile /etc/apache2/ssl/zimbra.crt 
    
    RequestHeader set Front-End-Https On
    ProxyRequests On
    ProxyPreserveHost On
    ProxyVia full 
    	
    <Proxy *>
      Order deny,allow 
      Allow from all
    </Proxy>
    
    ProxyPass        / https://internal-zimbra-server.domain/ 
    ProxyPassReverse / https://internal-zimbra-server.domain/ 
    	
    </VirtualHost>
    Last edited by Klug; 10-26-2007 at 12:29 AM. Reason: Tiny error in the code

  5. #5
    Join Date
    Jun 2007
    Location
    Philippines
    Posts
    193
    Rep Power
    8

    Default

    Quote Originally Posted by haensse View Post
    no, we just moved to scalix

    sorry

    best regards

    Dani
    LOL , what's the point?

    let's just try to be more helpful next time we post.

  6. #6
    Join Date
    Oct 2007
    Posts
    2
    Rep Power
    8

    Default

    Thanks for the pointers Klug. I've tried the settings, but I still get the "Invalid SOAP PDU" error after authenticating. I know the SSL config is working as I have other services running through proxy already. This appears to be an issue with Tomcat and the apache proxy settings. I will keep working on it.

  7. #7
    Join Date
    Oct 2007
    Location
    Australia
    Posts
    2
    Rep Power
    8

    Default

    Thanks Klug! That got HTTPS Proxying working on my Ubuntu Feisty mail server. It is proxying via a Ubuntu Feisty Apache2 server.

    I copied the Zimbra server.key and server.crt from the mailserver's /opt/zimbra/ssl/ssl/server/ directory over to the Apache server's /etc/apache2/ssl dir.

    Had to modify your config slightly, as "Proxy Via full" brought up an error. Used "ProxyVia full" and it seemed to be happy with that.

    Made sure I had the proxy module enabled as well via "a2enmod proxy".

    Thanks again, this has been a long standing issue for me, and one that isn't well documented on the Net (from what I can find anyways).

    Cya round
    Jinx

Similar Threads

  1. QUE Failure
    By tbullock in forum Administrators
    Replies: 31
    Last Post: 07-30-2008, 01:17 PM
  2. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 11:38 AM
  3. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  4. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 11:34 PM
  5. Seeming variety of problems on suse-9.1
    By Crexis in forum Installation
    Replies: 52
    Last Post: 03-04-2006, 12:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •