Results 1 to 2 of 2

Thread: [SOLVED] Zimbra 5 Mobile, sync using SSL and Apache Proxy does not work

Threaded View

  1. #1
    Join Date
    Jul 2006
    Location
    Australia, ACT
    Posts
    197
    Rep Power
    9

    Smile [SOLVED] Zimbra 5 Mobile, sync using SSL and Apache Proxy does not work

    G'day All

    Just thought I'd post this solution to help anyone unable to sync Zimbra 5 using SSL when Zimbra is behind an Apache Proxy server.

    We use Apache 2 to proxy requests to Zimbra and some other web servers in our network. After upgrading to Zimbra 5 we noticed that email was no longer syncing using SSL on our Nokia E61s using Mail for Exchange 2.02 (ie. it just failed with the error: 'Connection error'). It is important to note that webmail was working fine on both HTTP and HTTPS; and that syncing using a non-SSL connection was also working. Only sync using SSL was failing with this setup.

    The following entries appear in the Apache Proxy server access log.
    Code:
    69.200.121.1 - - [03/Jan/2008:14:25:02 +1100] "OPTIONS /Microsoft-Server-ActiveSync?User=somedood%40something.net&DeviceId=IMEI356213
    000206945&DeviceType=IMEI356213000206945 HTTP/1.1" 200 - "-" "NokiaE61/1.0"
    69.200.121.1 - - [03/Jan/2008:14:25:02 +1100] "POST /Microsoft-Server-ActiveSync?User=somedood%40something.net&DeviceId=IMEI356213000
    206945&DeviceType=IMEI356213000206945&Cmd=FolderSync HTTP/1.1" 502 - "-" "NokiaE61/1.0"
    The following entries appear in the Apache Proxy server error log.
    Code:
    [Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: error reading status line from remote server webmail.something.net
    [Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: Error reading from remote server returned by /Microsoft-Server-ActiveSync
    [Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: error reading status line from remote server webmail.something.net
    [Thu Jan 03 14:25:03 2008] [error] [client 69.200.121.1] proxy: Error reading from remote server returned by /error/HTTP_BAD_GATEWAY.html.var
    After a far amount of investigation I tracked the problem down to the way that requests were being proxied to the Zimbra server using SSL. Something has changed in Zimbra 5 which breaks the comms between the proxy server and Zimbra. There was nothing wrong with the Nokia, Mail for Exchange and anything in between. Googling found this post with a similar problem for another system, Using Apache with mod_proxy - Confluence 2.7 - Confluence

    The solution is to use the following in the Apache proxy server as follows.
    Code:
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
    From mod_proxy - Apache HTTP Server
    For circumstances where mod_proxy is sending requests to an origin server that doesn't properly implement keepalives or HTTP/1.1, there are two environment variables that can force the request to use HTTP/1.0 with no keepalive. These are set via the SetEnv directive.
    Code:
    <Location /buggyappserver/>
    ProxyPass http://buggyappserver:7001/foo/
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
    </Location>
    Our original Apache proxy virtual host configuration (which did work with Zimbra 4.5 Mobile on SSL but does NOT work with Zimbra 5 Mobile SSL).

    Code:
    <VirtualHost *:443>
     ServerAdmin support@something.net
     DocumentRoot /srv/www/htdocs/gonzo
     ServerName webmail.something.net
     ErrorLog /var/log/apache2/webmail.something.net_ssl-error_log
     CustomLog /var/log/apache2/webmail.something.net_ssl-access_log combined
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl.crt/something.net.crt
     SSLCertificateKeyFile /etc/apache2/ssl.key/something.net.key
     SSLProxyEngine On
     SSLProxyVerify none
     ProxyPass / https://webmail.something.net/
     ProxyPassReverse /  https://webmail.something.net/
     ProxyRequests Off
     ProxyPreserveHost On
    </VirtualHost>
    And below is the updated Apache proxy virtual host configuration which now works with Zimbra 5 Mobile and SSL.
    Code:
    <VirtualHost *:443>
     ServerAdmin support@something.net
     DocumentRoot /srv/www/htdocs/gonzo
     ServerName webmail.something.net
     ErrorLog /var/log/apache2/webmail.something.net_ssl-error_log
     CustomLog /var/log/apache2/webmail.something.net_ssl-access_log combined
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl.crt/something.net.crt
     SSLCertificateKeyFile /etc/apache2/ssl.key/something.net.key
     SSLProxyEngine On
     SSLProxyVerify none
     ProxyPass / https://webmail.something.net/
     ProxyPassReverse /  https://webmail.something.net/
     ProxyRequests Off
     ProxyPreserveHost On
     <Proxy *>
      Order deny,allow
      Allow from all
     </Proxy>
     <Location />
      ProxyPass https://webmail.something.net
      SetEnv force-proxy-request-1.0 1
      SetEnv proxy-nokeepalive 1
     </Location>
    </VirtualHost>
    Hope this helps someone else (this took about 8 hours to solve).
    Last edited by greenrenault; 01-03-2008 at 01:21 PM. Reason: Forgot to mention that proxying for webmail on http/https and non-ssl sync was still working

Similar Threads

  1. apache 2.2 mod_authnz_ldap to zimbra help?
    By jdell in forum Administrators
    Replies: 2
    Last Post: 06-13-2008, 04:11 PM
  2. Zimbra https proxy with apache
    By haensse in forum Installation
    Replies: 20
    Last Post: 02-23-2008, 03:48 PM
  3. Access Zimbra on port 443 via apache
    By CatiaL in forum Administrators
    Replies: 1
    Last Post: 06-15-2007, 03:11 AM
  4. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 11:34 PM
  5. www Port Conflict/Changing Zimbra Apache Setting
    By macguru in forum Administrators
    Replies: 15
    Last Post: 04-16-2006, 10:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •