Page 1 of 2

ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Wed Sep 06, 2017 4:56 pm
by phoenix
This was an upgrade from ZCS 8.7.11 and the proxy refuses to start and gives the following error:

Code: Select all

Stopping proxy...proxy is not running.
Starting proxy...nginx: [emerg] duplicate listen options for [::]:443 in /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default:25
failed.


I did run the command from this article before the upgrade: https://wiki.zimbra.com/wiki/IPv6_Issue ... mbra-proxy

BTW, that article has an incorrect path, Step 2 in the solutions has zimbra spelled as /opt/zimbraa

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Wed Sep 06, 2017 5:06 pm
by ajcody

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Wed Sep 06, 2017 5:11 pm
by phoenix
Thanks Adam, I'll add my comment to that - I would have thought that might get a mention in the release notes as the use of IPv6 is increasing.

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Wed Sep 06, 2017 6:42 pm
by jorgedlcruz
I remember something like this testing, can you please run a yum update or apt-get update/upgrade and see if you have a new nginx module?

Best regards

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Wed Sep 06, 2017 6:51 pm
by phoenix
That would be a "dnf update". :)

Nothing is available and this is the currently installed version:

Code: Select all

dnf info zimbra-nginx
Last metadata expiration check: 0:00:24 ago on Wed Sep 06 20:49:47 2017 CEST.
Installed Packages
Name         : zimbra-nginx
Version      : 1.7.1
Release      : 1zimbra8.7b7.el7
Arch         : x86_64
Size         : 1.3 M
Source       : zimbra-nginx-1.7.1-1zimbra8.7b7.el7.src.rpm
Repo         : @System
From repo    : zimbra
Summary      : Zimbra's nginx build
URL          : http://nginx.org
License      : MIT
Description  : The Zimbra nginx build

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Thu Sep 07, 2017 1:06 pm
by phoenix
ajcody wrote:Not a package issue, it's a problem with what is being done to the configuration file.

[zimbra irc]
(8:53:48 AM) barrydg: maxxer: Now we could upgrade...
(8:54:29 AM) maxxer: no I cannot, there's a bug on IPv6 proxy
(8:54:41 AM) maxxer: https://bugzilla.zimbra.com/show_bug.cgi?id=108293
(8:55:13 AM) barrydg: Ahh
(8:55:15 AM) barrydg: Nice
(8:55:57 AM) maxxer: luckily I spotted it with a random install
(8:56:12 AM) maxxer: rather easy to fix, just remove the first stanza of the configuration
I assume that means from the template file as the config is rewritten when you start the proxy?

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Thu Sep 07, 2017 1:15 pm
by ajcody
Not a package issue, it's a problem with what is being done to the configuration file.

[zimbra irc]
(8:53:48 AM) barrydg: maxxer: Now we could upgrade...
(8:54:29 AM) maxxer: no I cannot, there's a bug on IPv6 proxy
(8:54:41 AM) maxxer: https://bugzilla.zimbra.com/show_bug.cgi?id=108293
(8:55:13 AM) barrydg: Ahh
(8:55:15 AM) barrydg: Nice
(8:55:57 AM) maxxer: luckily I spotted it with a random install
(8:56:12 AM) maxxer: rather easy to fix, just remove the first stanza of the configuration

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Thu Sep 07, 2017 1:34 pm
by ajcody
Not 100% sure, Maxxer and Barry are still talking about it now in IRC. Barry just asked him if he had a patch or would submit one for the bug.

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Thu Sep 07, 2017 1:39 pm
by phoenix
ajcody wrote:Not 100% sure, Maxxer and Barry are still talking about it now in IRC. Barry just asked him if he had a patch or would submit one for the bug.
Yes, it's the template that's the problem. I've just done the following on a test server and it came up fine:

Change to the templates directory and save a copy of the original file.

Code: Select all

cd /opt/zimbra/conf/nginx/templates

cp nginx.conf.web.https.default.template nginx.conf.web.https.default.template.original


Edit the following file and remove the first stanza i.e. just the code in the box below:

vi nginx.conf.web.https.default.template

Code: Select all

server {
    ${core.ipboth.enabled}listen                  [::]:${web.https.port} default_server ipv6only=off;
    ${core.ipv4only.enabled}listen                ${web.https.port} default_server;
    ${core.ipv6only.enabled}listen                [::]:${web.https.port} default_server;

    ssl                     on;
    ssl_protocols           ${web.ssl.protocols};
    ssl_prefer_server_ciphers ${web.ssl.preferserverciphers};
    ssl_session_cache       ${ssl.session.cachesize};
    ssl_session_timeout     ${ssl.session.timeout};
    ssl_ciphers             ${web.ssl.ciphers};
    ssl_ecdh_curve          ${web.ssl.ecdh.curve};
    ssl_certificate         ${ssl.crt.default};
    ssl_certificate_key     ${ssl.key.default};
    ssl_verify_client       ${ssl.clientcertmode.default};
    ssl_verify_depth        ${ssl.clientcertdepth.default};
    ${web.ssl.dhparam.enabled}ssl_dhparam             ${web.ssl.dhparam.file};
    return 444;
}


zmprov ms `zmhostname` zimbraIPMode both ; /opt/zimbra/libexec/zmiptool ; zmcontrol restart - that should all start correctly.

Mind you, I haven't yet tested it with any email - I'll be back with an answer soon.

Re: ZCS 8.8 upgrade failed with IPv6 enabled

Posted: Thu Sep 07, 2017 1:59 pm
by phoenix
That's a more elegant solution than mine, I tend to go for the sledgehammer approach as I'm a novice. :) I'll try your patch shortly and post back here.