Solved Proxy Failure on Zimbra 8.8 After Update
-
Zimbra has, by default, the web interface runs on port 8443, and then an Nginx proxy runs in front of it that provides port 443 translation. This has been working for a year without an issue, but with the latest update we get the following error.
You can see the page attempting to authenticate, loads of TLS info flies by as the page loads, but it winds up here. If we go to port 8443 directly, everything works fine (but ideally we want that port closed to the outside.) So the underlying Java based Zimbra server is running fine. It's something in the NGinx based proxy that is having the issue.
To make things stranger, the SSL cert from LetsEncrypt is held by the Java process, so that's working just fine.
In theory there really isn't nay configuration involved with the Zimbra Proxy. I tried updating the LetsEnrypt cert to ensure that that was not a problem or corrupt in some way. But even after going through that entire process, things remain the same.
Not sure where I should be looking for a place to start. I see nothing in the logs.
-
Apparently this fixes it
$ zmprov md domain.com zimbraVirtualHostname mail.domain.com zimbraVirtualIPAddress 10.0.1.6 $ libexec/zmproxyconfgen $ zmproxyctl restartObviously change it to your enviroment.
-
Does Zimbra have some kind of "trusted proxy" setting or something?
I know many applications have this to assist with working behind a reverse proxy.
-
@jaredbusch said in Proxy Failure on Zimbra 8.8 After Update:
Does Zimbra have some kind of "trusted proxy" setting or something?
I know many applications have this to assist with working behind a reverse proxy.
None of which I know - I assume because it is all one package. The proxy is still part of the base Zimbra installation and logs into the Zimbra directory.
-
@scottalanmiller said in Proxy Failure on Zimbra 8.8 After Update:
@jaredbusch said in Proxy Failure on Zimbra 8.8 After Update:
Does Zimbra have some kind of "trusted proxy" setting or something?
I know many applications have this to assist with working behind a reverse proxy.
None of which I know - I assume because it is all one package. The proxy is still part of the base Zimbra installation and logs into the Zimbra directory.
I was firing blind as I have never used it.
-
We've been through a lot of updates, this is a new issue.
From what I can tell, it looks like the LE cert didn't update properly either. It looks like it is still using the old one that will expire soon.
-
Apparently this fixes it
$ zmprov md domain.com zimbraVirtualHostname mail.domain.com zimbraVirtualIPAddress 10.0.1.6 $ libexec/zmproxyconfgen $ zmproxyctl restartObviously change it to your enviroment.
-
More on this below:
https://forums.zimbra.org/viewtopic.php?t=62695 -
@dbeato said in Proxy Failure on Zimbra 8.8 After Update:
Apparently this fixes it
$ zmprov md domain.com zimbraVirtualHostname mail.domain.com zimbraVirtualIPAddress 10.0.1.6 $ libexec/zmproxyconfgen $ zmproxyctl restartObviously change it to your enviroment.
did this work @scottalanmiller?
-
@wirestyle22 said in Proxy Failure on Zimbra 8.8 After Update:
@dbeato said in Proxy Failure on Zimbra 8.8 After Update:
Apparently this fixes it
$ zmprov md domain.com zimbraVirtualHostname mail.domain.com zimbraVirtualIPAddress 10.0.1.6 $ libexec/zmproxyconfgen $ zmproxyctl restartObviously change it to your enviroment.
did this work @scottalanmiller?
Boom, that did it!
Thanks @dbeato
-
@scottalanmiller said in Proxy Failure on Zimbra 8.8 After Update:
@wirestyle22 said in Proxy Failure on Zimbra 8.8 After Update:
@dbeato said in Proxy Failure on Zimbra 8.8 After Update:
Apparently this fixes it
$ zmprov md domain.com zimbraVirtualHostname mail.domain.com zimbraVirtualIPAddress 10.0.1.6 $ libexec/zmproxyconfgen $ zmproxyctl restartObviously change it to your enviroment.
did this work @scottalanmiller?
Boom, that did it!
Thanks @dbeato
Awesomeness !
