Proxy does not listens on port http/https

[simred]

Hi,
I just setup ZCS 8.8.9 OSS multi server.
I've only 1 proxy node, with the following services:

[zimbra@ml-fe ~]$ zmprov gs `zmhostname` zimbraServiceEnabled
# name ml-fe.x.internal
zimbraServiceEnabled: memcached
zimbraServiceEnabled: stats
zimbraServiceEnabled: proxy

[zimbra@ml-fe ~]$ zmcontrol status
Host ml-fe.x.internal
memcached Running
proxy Running
stats Running
zmconfigd Running

But no process listen on ports 443 and 80

From: /opt/zimbra/conf/nginx.conf

#############################################################
# NGINX POP/IMAP proxy configuration file for use with Zimbra
#

working_directory /opt/zimbra;
include /opt/zimbra/conf/nginx/includes/nginx.conf.main;
include /opt/zimbra/conf/nginx/includes/nginx.conf.memcache;
include /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup;
include /opt/zimbra/conf/nginx/includes/nginx.conf.mail;
#include /opt/zimbra/conf/nginx/includes/nginx.conf.web;

# Don't edit the below comment

#__SUCCESS__
#############################################################

I see that /opt/zimbra/conf/nginx/includes/nginx.conf.web is commented out....why?

Why Proxy does not listen on http/https ports?
Any helps will be greatly appreciated

Tnx & br

[simred]

Hi,
any news on this?
How can I decomment /opt/zimbra/conf/nginx/includes/nginx.conf.web in /opt/zimbra/conf/nginx.conf ?
I see that it gets commented out automatically on proxy restart.

Tnx & br

[JDunphy]

Perhaps this link could be of some value... https://wiki.zimbra.com/wiki/Enabling_Z ... ng_servers
Specifically, what is the value of this:

Code: Select all

zmprov gs `zmhostname` zimbraReverseProxyHttpEnabled

If not set,

Code: Select all

zmprov ms `zmhostname` zimbraReverseProxyHttpEnabled TRUE
zmprov gs `zmhostname` zimbraReverseProxyHttpEnabled
zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`

Then restart zimbra. Hard to tell how/why it got to this configuration given your posting. Shouldn't be too difficult to get it working.

[simred]

Hi,

[zimbra@ml-fe ~]$ zmprov gs `zmhostname` zimbraReverseProxyHttpEnabled
# name ml-fe.x.internal
zimbraReverseProxyHttpEnabled: TRUE

[zimbra@ml-fe ~]$ zmprov gs `zmhostname` zimbraReverseProxyHttpEnabled
# name ml-fe.x.internal
zimbraReverseProxyHttpEnabled: TRUE

[zimbra@ml-fe ~]$ /opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`
[zimbra@ml-fe ~]$ zmcontrol stop
[zimbra@ml-fe ~]$ zmcontrol start

But same problem.

I can add the following detail:

zimbra@ml-fe ~]$ zmprov -v fc all
ERROR: service.INVALID_REQUEST (invalid request: can only be used with SOAP)
com.zimbra.common.service.ServiceException: invalid request: can only be used with SOAP
ExceptionId:main:1532112661932:5f0fc8e039a937f9
Code:service.INVALID_REQUEST
at com.zimbra.common.service.ServiceException.INVALID_REQUEST(ServiceException.java:295)
at com.zimbra.cs.account.ProvUtil.throwSoapOnly(ProvUtil.java:5463)
at com.zimbra.cs.account.ProvUtil.doFlushCache(ProvUtil.java:4398)
at com.zimbra.cs.account.ProvUtil.execute(ProvUtil.java:1127)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3959)

Any idea?

Tnx & br.

[JDunphy]

Not just a nginx problem is it? Run this first to make sure we have some sanity here.

Code: Select all

zmprov ms `zmhostname` +zimbraServiceEnabled service
zmprov ms `zmhostname` +zimbraServiceEnabled zimbra
zmprov ms `zmhostname` +zimbraServiceEnabled zimbraAdmin
zmprov ms `zmhostname` +zimbraServiceEnabled zimlet
zmcontrol restart

If this is a new install, please verify with lsof that you don't have other conflicts going on here too. Syntax can be found in the previous link I provided.

[simred]

Hi,
just to confirm that I read the provided link.
Yes this is a fresh install. I applied also Patch 1 on 8.8.9
On host ml-fe I need to only run proxy and memcached (no admin, no service)

[zimbra@ml-fe ~]$ zmprov gs `zmhostname` zimbraServiceEnabled
# name ml-fe.x.internal
zimbraServiceEnabled: memcached
zimbraServiceEnabled: stats
zimbraServiceEnabled: proxy

I verified another working ZCS setup (8.7.11 OSS) and I've the same zimbra services enabled.

[zimbra@ml-fe ~]$ lsof -i :443
[zimbra@ml-fe ~]$

Any idea?

P.S. I verified another working ZCS setup (8.7.11 OSS) I got the same error if I run on the proxy the command "zmprov fc all"...so I think it's a normal behavior (even if I don't know why the error is logged)

Thank you very much for your help.
Br

[JDunphy]

Did you follow the steps in this document for your multi-server install and do you have mailboxd running anywhere? https://zimbra.github.io/installguides/ ... er_install
Run this on your servers

Code: Select all

zmsoap -z GetServiceStatusRequest

lsof needs to run as root

[simred]

Hi,
Yes, I followed the docs https://zimbra.github.io/installguides/8.8.9/multi.html
Yes, I have other mailstore running on other hosts

On Admin UI host:
[zimbra@ml-admin ~]$ zmsoap -z GetServiceStatusRequest
<GetServiceStatusResponse xmlns="urn:zimbraAdmin">
<timezone displayName="Central European Time" id="Europe/Rome"/>
<status server="ml-store03.x.internal" t="1532121960" service="spell">1</status>
<status server="ml-store03.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-store03.x.internal" t="1532121960" service="mailbox">1</status>
<status server="ml-store03.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-store03.x.internal" t="1532121960" service="service">1</status>
<status server="ml-store03.x.internal" t="1532121960" service="zimlet">1</status>
<status server="ml-store01.x.internal" t="1532121960" service="spell">1</status>
<status server="ml-store01.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-store01.x.internal" t="1532121960" service="mailbox">1</status>
<status server="ml-store01.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-store01.x.internal" t="1532121960" service="service">1</status>
<status server="ml-store01.x.internal" t="1532121960" service="zimlet">1</status>
<status server="ml-ldap01.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-ldap01.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-ldap01.x.internal" t="1532121960" service="ldap">1</status>
<status server="ml-store02.x.internal" t="1532121960" service="spell">1</status>
<status server="ml-store02.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-store02.x.internal" t="1532121960" service="mailbox">1</status>
<status server="ml-store02.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-store02.x.internal" t="1532121960" service="service">1</status>
<status server="ml-store02.x.internal" t="1532121960" service="zimlet">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="opendkim">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="amavis">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="antivirus">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="mta">1</status>
<status server="ml-mta03.x.internal" t="1532121960" service="antispam">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="antispam">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="mta">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="amavis">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="antivirus">1</status>
<status server="ml-mta04.x.internal" t="1532121960" service="opendkim">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="opendkim">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="amavis">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="antispam">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="memcached">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="zimbra">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="zimlet">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="spell">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="logger">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="zimbraAdmin">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-admin.x.internal" t="1532121960" service="service">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="antivirus">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="mta">1</status>
<status server="ml-mta02.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="antivirus">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="antispam">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="stats">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="opendkim">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="amavis">1</status>
<status server="ml-mta01.x.internal" t="1532121960" service="mta">1</status>
<status server="ml-fe.x.internal" t="1532121960" service="proxy">1</status>
<status server="ml-fe.x.internal" t="1532121960" service="memcached">1</status>
<status server="ml-fe.x.internal" t="1532121960" service="zmconfigd">1</status>
<status server="ml-fe.x.internal" t="1532121960" service="stats">1</status>
</GetServiceStatusResponse>


As root:
[root@ml-fe ~]# lsof -i :443
[root@ml-fe ~]#

Please note that /opt/zimbra/conf/nginx/includes/nginx.conf.web in commented out in /opt/zimbra/conf/nginx.conf

Tnx & br

[JDunphy]

I was testing a few things to see why nginx.conf is missing the entry and if ldap was working. You could try this on the proxy.

Code: Select all

libexec/zmproxyconfgen
zmproxyctl restart

I am looking at zmproxyconfgen now as it's perl script.

I don't run 8.8+ so having to guess a bit.

[simred]

Hi,

[zimbra@ml-fe ~]$ /opt/zimbra/libexec/zmproxyconfgen
[] INFO: Strict server name enforcement enabled? false
[] INFO: Web is enabled but there are no HTTP upstream webclient/mailclient servers
[] INFO: Web is enabled but there are no HTTPS upstream webclient/mailclient servers
[] WARN: Configuration is not valid because no route lookup handlers exist, or because no HTTP/HTTPS upstream servers were found
[] WARN: Please ensure that the output of 'zmprov garpu/garpb' returns at least one entry
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.template to file:/opt/zimbra/conf/nginx.conf
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.main.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.main
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.memcache.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.memcache
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.zmlookup.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.imap.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.imap.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imap.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.imaps.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.imaps.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.imaps.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.mail.pop3s.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.mail.pop3s.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.sso.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.sso
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.sso.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.sso.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.admin
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.admin.default.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.admin.default
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.mode-http.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.mode-http
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.mode-https.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.mode-https
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.mode-both.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.mode-both
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.mode-redirect.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.mode-redirect
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.mode-mixed.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.http.mode-mixed
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.mode-http.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.mode-http
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.mode-https.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.mode-https
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.mode-both.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.mode-both
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.mode-redirect.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.mode-redirect
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.mode-mixed.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.web.https.mode-mixed
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.docs.common.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.docs.common
[] INFO: Expanding template:/opt/zimbra/conf/nginx/templates/nginx.conf.docs.upstream.template to file:/opt/zimbra/conf/nginx/includes/nginx.conf.docs.upstream
[] INFO: Proxy configuration files are generated successfully
[zimbra@ml-fe ~]$


[zimbra@ml-fe ~]$ zmproxyctl restart
Stopping proxy...done.
Starting proxy...done.

[zimbra@ml-fe ~]$ cat /opt/zimbra/conf/nginx.conf
# NGINX POP/IMAP proxy configuration file for use with Zimbra
#

working_directory /opt/zimbra;
include /opt/zimbra/conf/nginx/includes/nginx.conf.main;
include /opt/zimbra/conf/nginx/includes/nginx.conf.memcache;
include /opt/zimbra/conf/nginx/includes/nginx.conf.zmlookup;
include /opt/zimbra/conf/nginx/includes/nginx.conf.mail;
#include /opt/zimbra/conf/nginx/includes/nginx.conf.web;

# Don't edit the below comment

#__SUCCESS__

[root@ml-fe ~]# lsof -i :443
[root@ml-fe ~]#

[zimbra@ml-fe ~]$ zmprov garpu
ml-store01.x.internal:7072/service/extension/nginx-lookup ml-store02.x.internal:7072/service/extension/nginx-lookup ml-store03.x.internal:7072/service/extension/nginx-lookup

[zimbra@ml-fe ~]$ zmprov garpb
server ml-store01.x.internal:8443;
server ml-store02.x.internal:8443;
server ml-store03.x.internal:8443;

tnx & br