[SOLVED] No Zimbra Talk pop up/window
Posted: Wed Aug 17, 2016 1:08 pm
Hello, I am having some trouble with Zimbra Talk in a multiserver, split DNS environment.
After my colleagues installed Zimbra 8.7 (commercial version, we are planning to sell Zimbra as a service) and made some preliminary tests, they asked me to do some more testing on the mail part and then integrate the Talk part.
All my tests were just fine until I tried Zimbra Talk integration.
Unlike what I read in other threads, I have the Zimbra Talk tab, I can see my contacts by clicking "Manage IM Contacts", but I have no talk window/pop up in the lower right corner.
As I said, the Zimbra installation is split across four servers:
ldap01.mydomain.tld (LDAP, 10.1.1.20)
mta01.mydomain.tld (MTA and proxy, 10.1.1.40)
mbox01.mydomain.tld (Mailstore, 10.1.1.60)
web01.mydomain.tld (Web UI, 10.1.1.80)
All of the above are CentOS 7.2.
I then added a fifth server, Ubuntu 14.04, and installed Zimbra Talk following the guide on your wiki:
talk01.mydomain.tld (Talk server, 10.1.1.90)
At the moment I have a single public IP with the requested port forwardings for the proxy and the talk servers.
dnsmasq on ldap01 resolves names for all the Zimbra machines; I then have an authoritative server for mydomain.tld for the public part.
All the above names (ldap01, mta01, mbox01, web01, talk01) have an A record pointing to the only public IP address I am using at the moment; my colleagues previously configured a CNAME too, mail.mydomain.tld pointing to mta01.mydomain.tld.
Moreover, I have a wildcard certificate for *.mydomain.tld so SSL isn't a problem.
What I have found by using Chrome developer tools is that if I call my Zimbra web interface using mail.mydomain.tld I have the following problems:
XMLHttpRequest cannot load https://talk01.mydomain.tld/checkauth/global. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'https://mail.mydomain.tld' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
mail.postway.it/:2260 ------------------------------------- Loading package: ZimletApp
and then, after several seconds, I see this:
https://10.1.1.90/mini/stylesheets/mini.css Failed to load resource: net::ERR_CONNECTION_TIMED_OUT (I am accessing the web interface from a public network)
To bypass the cross-origin issue I did two different tests, first disabling cross-domain checks in the browser and then using talk01.mydomain.tld instead of mail.mydomain.tld in the address bar.
In both cases I had the same problems:
https://talk01.mydomain.tld/checkauth/global Failed to load resource: the server responded with a status of 404 (Not Found)
and again
https://10.1.1.90/mini/stylesheets/mini.css Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
It's clear to me that I have some name-related and reverse-proxying problems, but after having tried to debug on my own, I decided to ask to avoid messing up the environment.
Thanks for any help or hint you can give me.
Kind regards.
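
Added example, not part of the original post and not Zimbra's own code: the first console error above is the browser's rule that a credentialed (withCredentials) request is refused when the response carries Access-Control-Allow-Origin: *. The sketch below models that check and a server policy that answers with the exact allowlisted origin instead of a wildcard; the function names and the allowlist are assumptions, and the origins are the post's placeholders.

```javascript
// Assumed allowlist: only the webmail origin may make credentialed calls to the Talk host.
const ALLOWED_ORIGINS = new Set(['https://mail.mydomain.tld']);

// Server side (hypothetical helper): CORS response headers for a request's Origin header.
function corsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  // Unknown or missing origin: grant nothing. Never reflect an arbitrary Origin.
  if (!origin || !allowed.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,      // exact origin, never '*'
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',                           // keep caches from serving one origin's grant to another
  };
}

// Browser side (model of the check): is a withCredentials response readable by `origin`?
function passesCredentialedCheck(origin, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) {
    return { ok: false, reason: 'no Access-Control-Allow-Origin' };
  }
  if (acao === '*') {
    return { ok: false, reason: "wildcard '*' not allowed with credentials" };
  }
  if (acao !== origin) {
    return { ok: false, reason: 'origin mismatch' };
  }
  if (headers['Access-Control-Allow-Credentials'] !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { ok: true, reason: 'allowed' };
}

// Constructed sample responses (not captured from a real server).
const mailOrigin = 'https://mail.mydomain.tld';
const wildcardResponse = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true',
};

console.log(passesCredentialedCheck(mailOrigin, wildcardResponse));        // rejected: wildcard
console.log(passesCredentialedCheck(mailOrigin, corsHeaders(mailOrigin))); // accepted
console.log(passesCredentialedCheck('https://other.example',
  corsHeaders('https://other.example')));                                  // rejected: not allowlisted
```

Turning off the browser's cross-origin checks only hides this on one workstation; every other client still enforces the rule, so the response headers are what has to change.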