Web interface freezing after enabling reverse-proxy

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
GlooM
Advanced member
Advanced member
Posts: 96
Joined: Sat Sep 13, 2014 12:50 am

Web interface freezing after enabling reverse-proxy

Postby GlooM » Fri Dec 21, 2018 10:25 am

Hello!

After enabling revers-proxy mode, the web interface of my server began to freeze (abount 10-15 seconds) after login. After these 15 seconds the web interface works without problems. But if you move the mouse cursor over the dates of the calendar, the freeze is returned! It also became very slow to synchronize Outlook through IMAP. With a large number of folders in the box, synchronization takes up to 10-15 minutes
I have enabled proxy mode for updating from Zimbra 8.5.1 to 8.7.11 (Although I use a single server configuration and I don’t need a proxy). After upgrading to version 8.7.11, slow work is preserved. Can I turn off the proxy on an already installed version 8.7.11 or somehow fix it?

Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition.


phoenix
Ambassador
Ambassador
Posts: 26779
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Web interface freezing after enabling reverse-proxy

Postby phoenix » Fri Dec 21, 2018 11:43 am

The proxy and memcached are required components for an install.of ZCS 8.7+ onwards.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
GlooM
Advanced member
Advanced member
Posts: 96
Joined: Sat Sep 13, 2014 12:50 am

Re: Web interface freezing after enabling reverse-proxy

Postby GlooM » Fri Dec 21, 2018 12:38 pm

phoenix wrote:The proxy and memcached are required components for an install.of ZCS 8.7+ onwards.


Ok.I have successfully updated the version to 8.7.11. Can I turn off the proxy now? If I need to install the next update, I will turn on the proxy again so that the installer passes the checks. As I understand it, a proxy is not necessary for single server configurations? Or the server does not work at all without a proxy? If the proxy can not be turned off, then how can I fix slow work?
phoenix
Ambassador
Ambassador
Posts: 26779
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Web interface freezing after enabling reverse-proxy

Postby phoenix » Fri Dec 21, 2018 12:42 pm

I've already said that the proxy and memcached are required components from 8.7+ onwards, that includes single servers.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
milauria
Advanced member
Advanced member
Posts: 70
Joined: Mon Aug 15, 2016 12:32 pm

Re: Web interface freezing after enabling reverse-proxy

Postby milauria » Mon Dec 24, 2018 12:48 am

I have a reverse proxy using a different nginx server on the same LAN.
In my case I experienced that I have to pass the 3 headers: X_Real-IP, X-Forwarded-For and Host to have the web interface work correctly (and logging the correct IP address)
By the way memcached is installed ...

Code: Select all

proxy_pass https://192.168.0.xxx:8443;           
proxy_set_header      X-Real-IP $remote_addr;
proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header      Host $http_host;
proxy_read_timeout    90;
proxy_connect_timeout 90;
proxy_send_timeout        90;   
proxy_buffer_size         16k;
proxy_buffers        32   16k;
proxy_busy_buffers_size   64k;
GlooM
Advanced member
Advanced member
Posts: 96
Joined: Sat Sep 13, 2014 12:50 am

Re: Web interface freezing after enabling reverse-proxy

Postby GlooM » Mon Dec 24, 2018 11:12 am

Are there any ways to determine the problem? Perhaps there are any proxy logs? At the moment, it slows down the web and IMAP synchronization.
GlooM
Advanced member
Advanced member
Posts: 96
Joined: Sat Sep 13, 2014 12:50 am

Re: Web interface freezing after enabling reverse-proxy

Postby GlooM » Thu Jan 03, 2019 11:13 pm

Nobody helped me, but I dealt with the problem myself. The reason for the slow performance imap and web was the enabled protection against memcached amplification attack.

https://wiki.zimbra.com/wiki/Blocking_Memcached_Attack

"For Zimbra Single Server Installation

Configure memcached to listen on 127.0.0.1 only to avoid this attack. Use below commands.

su - zimbra
/opt/zimbra/bin/zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1
/opt/zimbra/bin/zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1
"

Protection worked well when the proxy and memcache was disabled. But when proxy mode was enabled - it caused problems despite the fact that I use single server.
I have configured the firewall as recommended for multi-server configuration for protection and disable bind "zimbraMemcachedBindAddress" and "zimbraMemcachedClientServerList"

su - zimbra
zmprov gs `zmhostname` zimbraMemcachedBindAddress
zmprov ms `zmhostname` zimbraMemcachedBindAddress ''"
zmprov gs `zmhostname` zimbraMemcachedClientServerList
zmprov ms `zmhostname` zimbraMemcachedClientServerList ''"

And all the performance problems were solved!

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 11 guests