Proxy does not listens on port http/https

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
simred
Advanced member
Advanced member
Posts: 63
Joined: Wed Jun 28, 2017 9:40 am

Re: Proxy does not listens on port http/https

Post by simred »

Hi,
just to add that from /opt/zimbra/conf/nginx/templates/nginx.conf.template I see:

${web.available}${web.enabled}include ${core.includes}/${core.cprefix}.web;

The "#" in /opt/zimbra/conf/nginx.conf seems related to the variables web.available and web.enabled...

...how to better check?

tnx & br
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 889
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 9.0.0_P39 NETWORK Edition

Re: Proxy does not listens on port http/https

Post by JDunphy »

zmproxyconfig generates the nginx proxy configuration files. It reads LDAP settings to replace template variables and generates the final nginx configuration.
Here is the section on 8.7+ that looks to be important in your case.

Code: Select all

       if (isInstalled("zimbra-proxy")) {
           ...
           ...
           if ($options{w}) {
                 if ($options{x}) {
                   $proxyMailMode=$options{x};
                 }
                 chomp($proxyMailMode);
                 print ZMPROV "ms $hostname ".
                 "zimbraMailPort $w1 ".
                 "zimbraMailProxyPort $w2 ".
                 "zimbraMailSSLPort $w3 ".
                 "zimbraMailSSLProxyPort $w4 ".
                 "zimbraReverseProxyMailMode $proxyMailMode ".
                 "zimbraReverseProxyHttpEnabled FALSE\n";

                 #once web proxy is disabled, admin console proxy will be disabled for sure
                 print ZMPROV "ms $hostname ".
                   "zimbraReverseProxyAdminEnabled FALSE ".
                   "zimbraAdminPort $n1 ".
                   "zimbraAdminProxyPort $n2\n";
            }
            $enabledHTTPProxy = getLdapServerValue("zimbraReverseProxyHttpEnabled");
            $enabledMailProxy = getLdapServerValue("zimbraReverseProxyMailEnabled");
            if ($enabledHTTPProxy eq "FALSE" && $enabledMailProxy eq "FALSE" && isEnabled("zimbra-proxy")) {
                 print ZMPROV "ms $hostname ".
                    "-zimbraServiceEnabled proxy\n";
            }
       }
You could look at some of those ldap variables to see what they contain in your environment. Note: -w: Toggle Web proxy portions and -x: the proxy mail mode when enable proxy, or the store mail mode when disable proxy (Both default: http).

Ok... this looks like it might help... https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached Check out the section where they have only a proxy and list this.

Code: Select all

/opt/zimbra/libexec/zmproxyconfig -e -m -H mailbox.node.service.hostname
simred
Advanced member
Advanced member
Posts: 63
Joined: Wed Jun 28, 2017 9:40 am

Re: Proxy does not listens on port http/https

Post by simred »

Hi,
I double checked LDAP properties but I didnt find any problem

On proxy node:

[zimbra@ml-fe ~]$ zmprov gs `zmhostname` zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort zimbraMailSSLProxyPort zimbraReverseProxyMailMode zimbraReverseProxyHttpEnabled zimbraReverseProxyMailEnabled zimbraServiceEnabled zimbraServiceInstalled zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyStrictServerNameEnabled zimbraReverseProxyLookupTarget zimbraMailMode
# name ml-fe.x.internal
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraReverseProxyHttpEnabled: TRUE
zimbraReverseProxyLookupTarget: FALSE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: https
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraReverseProxyStrictServerNameEnabled: FALSE
zimbraServiceEnabled: memcached
zimbraServiceEnabled: stats
zimbraServiceEnabled: proxy
zimbraServiceInstalled: proxy
zimbraServiceInstalled: memcached
zimbraServiceInstalled: stats

On a mailstore node:
[zimbra@ml-store01 ~]$ zmprov gs `zmhostname` zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort zimbraMailSSLProxyPort zimbraReverseProxyMailMode zimbraReverseProxyHttpEnabled zimbraReverseProxyMailEnabled zimbraServiceEnabled zimbraServiceInstalled zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyStrictServerNameEnabled zimbraReverseProxyLookupTarget zimbraMailMode
# name ml-store01.x.internal
zimbraMailMode: https
zimbraMailPort: 8080
zimbraMailProxyPort: 80
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbraReverseProxyHttpEnabled: FALSE
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraReverseProxyStrictServerNameEnabled: TRUE
zimbraServiceEnabled: service
zimbraServiceEnabled: zimlet
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: stats
zimbraServiceEnabled: spell
zimbraServiceInstalled: mailbox
zimbraServiceInstalled: stats
zimbraServiceInstalled: spell

I'm trying to understand what's the value of the attributes:
${web.available}
${web.enabled}
from /opt/zimbra/conf/nginx/templates/nginx.conf.template

I would like to understand where/how they are set...in order to remove the "#" in /opt/zimbra/conf/nginx.conf

And also, why I got the following warnings?
[zimbra@ml-fe ~]$ /opt/zimbra/libexec/zmproxyconfgen --dry-run
[] INFO: Strict server name enforcement enabled? false
[] INFO: Web is enabled but there are no HTTP upstream webclient/mailclient servers
[] INFO: Web is enabled but there are no HTTPS upstream webclient/mailclient servers
[] WARN: Configuration is not valid because no route lookup handlers exist, or because no HTTP/HTTPS upstream servers were found
[] WARN: Please ensure that the output of 'zmprov garpu/garpb' returns at least one entry
...


Tnx & br
simred
Advanced member
Advanced member
Posts: 63
Joined: Wed Jun 28, 2017 9:40 am

Re: Proxy does not listens on port http/https

Post by simred »

Hi,
I don't know if it's related to this issue, so I opened a new topic: viewtopic.php?f=15&t=64554

tnx & br
simred
Advanced member
Advanced member
Posts: 63
Joined: Wed Jun 28, 2017 9:40 am

Re: Proxy does not listens on port http/https

Post by simred »

Hi,
I found the following workaround. I don't know if it can be a solution...
From the installer I configured an ADMIN only UI node. I discovered It runs also a mailbox service (don't know why...I would like only UI). So I disabled the service mailbox because I have other dedicate mailbox servers.
As per https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached (Proxy Login Slow)
on admin node I executed:
zmprov ms `zmhostname` zimbraReverseProxyLookupTarget FALSE
This caused the issue!
Now on admin node I restored
zmprov ms `zmhostname` zimbraReverseProxyLookupTarget TRUE

and proxy has the web configuration!

What do you think? It's corrrect to set zimbraReverseProxyLookupTarget TRUE even if it does not run mailbox service?...what about the doc?

tnx & br
Post Reply