Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Ask questions about your setup or get help installing ZCS server (ZD section below).
mezza
Posts: 26
Joined: Fri Sep 12, 2014 10:29 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby mezza » Fri Mar 16, 2007 7:24 am

Hi,
I've installed Zimbra on Mac OS X Server 10.4.9 and the basic MTA and IMAP and POP services are all working well.
However, I'm having significant difficulties with getting the web interface to work correctly and any help would be appreciated. I'm trying to use Zimbra with the Apache 1.3 server that comes preinstalled since that's running other static and dynamic sites.
I've also noticed two unusual issues:
A. when trying to restart tomcat in between using zmprov to change settings it complains that it can't connect to the Slapd. Eg:
$sudo -u zimbra /opt/zimbra/bin/tomcat restart

problem reading config from ldap. Make sure ldap is running.

Slapd is definitely running, as is seen if I issue:
$sudo -u zimbra /opt/zimbra/bin/ldap status

slapd running pid: 372

B. The tomcat configuration file in /opt/zimbra/tomcat/conf/server.xml.in is buggy. The SSL section directives are delimited by badly formed comments which causes that entire section to be ignored.



Easy enough to fix, but odd. This prompted me to uninstall and reinstall Zimbra and this is reproducible.
Here's my installation procedure and setup:
1. Downloaded the install-mac.sh posted on the wiki as well as the Zimbra 4.5.3_GA_733 disk image
2. Installed using:
sudo ./install-mac.sh -d zcs-4.5.3_GA_733.MACOSX.dm
g
3. When I get to the zmsetup phase, just accept defaults except set the web server mode to 'mixed' and set zimbraMailPort and zimbraMailSSLPort to 8080 and 8443 respectively (to avoid any potential issues with Tomcat trying to bind to ports which Apache has bound to already)
4. Add ProxyPass and ProxyReversePass directives to the virtual hosts files created by using ServerAdmin eg:


ServerName AAA.XXX.XXX

ServerAdmin XXX@AAA.XXX.XXX

DocumentRoot "/Library/WebServer/Documents"

DirectoryIndex index.html index.php

CustomLog "/var/log/httpd/access_log" "%h %l %u %t "%r" %>s %b"

ErrorLog "/var/log/httpd/error_log"

ErrorDocument 404 /error.html

ProxyPass / http://AAA.XXX.XXX:8080">http://AAA.XXX.XXX:8080/

ProxyPassReverse / http://AAA.XXX.XXX:8080">http://AAA.XXX.XXX:8080/

LogLevel warn


And exactly the same for 443->8443:


ServerName AAA.XXX.XXX

ServerAdmin XXX@AAA.XXX.XXX

DocumentRoot "/Library/WebServer/Documents"

DirectoryIndex index.html index.php

CustomLog "/var/log/httpd/access_log" "%h %l %u %t "%r" %>s %b"

ErrorLog "/var/log/httpd/error_log"

ErrorDocument 404 /error.html

ProxyPass / https://AAA.XXX.XXX:8443">https://AAA.XXX.XXX:8443/

ProxyPassReverse / https://AAA.XXX.XXX:8443">https://AAA.XXX.XXX:8443/

LogLevel warn


With the setup as above, I can connect to the Zimbra webmail interface on port 80, but it doesn't redirect me to 443.
Doing a
curl -i http://localhost:8080
> on the deployment box gives me the response I expect, but
curl -i -k https://localhost:8443
> gives me:
HTTP/1.1 302 Moved Temporarily

Server: Apache-Coyote/1.1

Expires: Tue, 24 Jan 2000 17:46:50 GMT

Cache-control: no-store, no-cache, must-revalidate, max-age=0

Pragma: no-cache

Location: http://localhost:8080/?initMode=https

Content-Type: text/html

Content-Length: 0

Date: Fri, 16 Mar 2007 12:18:20 GMT


Any ideas what's going on?
Thanks in advance.
mezza


jholder
Zimbra Employee
Zimbra Employee
Posts: 4686
Joined: Fri Sep 12, 2014 10:00 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby jholder » Fri Mar 16, 2007 3:41 pm

Ahh 10.4.9 has lots of reported issues in general. I've heard numerous problems with it causing crashes, etc. (Not specifically related to zimbra)
Have you run the zmsetup script?
mezza
Posts: 26
Joined: Fri Sep 12, 2014 10:29 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby mezza » Sat Mar 17, 2007 3:13 am

I did a fresh reinstall on OS X Server, ensuring that the web server was NOT running when I did so. This time, all seems fine and Zimbra's webmail interface is responding to requests on ports 8080 and 8443 after running the zmsetup.pl script, during which I set the mail mode to 'mixed' to force HTTPS authentication.
At this point
curl -i http://FQDN:8080
">http://FQDN:8080> gets me a 302 redirect as expected to https://FQDN:8443, and
curl -i -k https://FQDN:8443
gives me the login page on the server.
The Apache proxying also works fine, and the only issue I'm dealing with is how to handle the 302 redirection from 8443 to 8080 for the login page.
There is still the issue with restarting Tomcat, which is that it claims not to be able to find the running slapd process. So I did a restart using /opt/zimbra/bin/zmcontrol stop and start instead.
Now, without having changed anything on the configuration,
curl -i http://FQDN:8080
">http://FQDN:8080> gets me the insecure login page!?
curl -i -k https://FQDN:8443
gets me nothing!?
So after all this, I am currently unable to get Zimbra to respond to ports 8080 and 8443 correctly.
Any help welcome.
mezza
Posts: 26
Joined: Fri Sep 12, 2014 10:29 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby mezza » Sat Mar 17, 2007 3:42 am

Ok. Did a fresh reinstall of Zimbra (again). Set webmail ports to 8080 and 8443 (SSL) and set mode to 'mixed'.
Zimbra web interface responds on ports 8080 and 8443 as expected and
curl -i http://FQDN:8080">http://FQDN:8080http://FQDN:8080">http://FQDN:8080
> gets me a 302 redirect as expected to https://FQDN">https://FQDN:8443.
The">https://FQDN">https://FQDN:8443.
The Apache Proxy and ProxyPass directives in my original post work fine, and all I'm contending with is how to get the 302 redirects between the secure and insecure ports working properly with a RewriteRule or Redirect directive (more on that later).
Very very concerningly,
sudo /opt/zimbra/bin/tomcat restart 
is still complaining about not being able to reach the LDAP server, and after doing so, Zimbra's webmail interface no longer responds on port 8443, instead of which I get the login page on port 8080. The same thing happens if I use /opt/zimbra/bin/zmcontrol to restart Zimbra.
The only way I am able to get the webmail working again is to rerun the zmsetup.pl script.
Any ideas on what's going on?
Back to the RewriteRule, can anyone tell me why this doesn't work:


ServerName FQDN

ServerAdmin XXX@FQDN2

DocumentRoot "/Library/WebServer/Documents"

DirectoryIndex index.html index.php

CustomLog "/var/log/httpd/access_log" "%h %l %u %t "%r" %>s %b"

ErrorLog "/var/log/httpd/error_log"

ErrorDocument 404 /error.html

Redirect abacus https://FQDN">https://FQDN/

ProxyPass /abacus !

ProxyPass / http://FQDN:8080">http://FQDN:8080/

ProxyPassReverse / http://FQDN:8080">http://FQDN:8080/

ProxyPassReverse /abacus/ https://FQDN">https://FQDN:8443/

LogLevel warn




All I'm doing is to try and get the initial 302 redirect to https://FQDN">https://FQDN:8443 to be rewritten to http://FQDN/abacus/... and then to catch that with a redirect rule to pass it to https://FQDN">https://FQDN. Currently, as I have the insecure and secure ports set to 8080 and 8443, all the redirects are between those two ports when trying to login.
jholder
Zimbra Employee
Zimbra Employee
Posts: 4686
Joined: Fri Sep 12, 2014 10:00 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby jholder » Sun Mar 18, 2007 7:06 pm

What does your hosts file look like?

-john
mezza
Posts: 26
Joined: Fri Sep 12, 2014 10:29 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby mezza » Mon Mar 19, 2007 2:50 am

Hi John,
127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost

XX.XX.XX.XX FQDN
Regards,
mezza
jholder
Zimbra Employee
Zimbra Employee
Posts: 4686
Joined: Fri Sep 12, 2014 10:00 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby jholder » Mon Mar 19, 2007 7:27 pm

Try

127.0.0.1 localhost.localdomain localhost

x.x.x.x hostname.domain hostname
mezza
Posts: 26
Joined: Fri Sep 12, 2014 10:29 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby mezza » Tue Mar 20, 2007 4:21 am

John,
Updated /etc/hosts to ONLY contain the entries you suggested and rebooted the server.
Then ran
sudo -u zimbra /opt/zimbra/bin/zmcontrol start
and checked to see whether the Zimbra webmail interface was running on port 8443 but got no response:
$ curl -i -k https://localhost

curl: (7) couldn't connect to host

I've now restored the /etc/hosts file to it's original, and restarted the server and then started up Zimbra by running the zmsetup.pl script (which seems to be the ONLY way to get Zimbra to start up correctly on my machine).
BR
Mezza
jholder
Zimbra Employee
Zimbra Employee
Posts: 4686
Joined: Fri Sep 12, 2014 10:00 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby jholder » Tue Mar 20, 2007 10:17 am

We don't' bind to localhost in all cases.

What about the fqdn?
mezza
Posts: 26
Joined: Fri Sep 12, 2014 10:29 pm

Problems with Zimbra installation on OS X Server - LDAP and Tomcat

Postby mezza » Wed Mar 21, 2007 11:41 am

Hi John.
No joy. After a
sudo -u zimbra /opt/zimbra/bin/zmcontrol restart
there is no response to port 8443 from the webmail.
Seems to be that there's something that the zmsetup.pl script does that the zmcontrol wrapper script doesn't. Afraid my Perl's useless, but do you know what it might be?
Mezza

Return to “Installation and Upgrade”

Who is online

Users browsing this forum: No registered users and 6 guests