I have installed zdesktop and it works ok when im in my office.
We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.
Are any constrains about this setup, because zdesktop do not work when im outside.
zdesktop and reverse proxy
zdesktop and reverse proxy
If you have a reverse proxy then it should work. Have you tried it? Are you having problems?
zdesktop and reverse proxy
[quote user="632pbruna"]I have installed zdesktop and it works ok when im in my office.
We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.
Are any constrains about this setup, because zdesktop do not work when im outside.[/QUOTE]
Are you proxying http or https? I've noticed some incidents with https that make life a little more complicated but it still should be possible. Can you give any more details as to what and how you are proxing but not use real IP's?
Here's a couple of example parameters I've needed to proxy for standard 80 and 443:
For 80 (in apache) I'll use Vhosts as an example:
ServerName external.resolved.hostname
ServerAdmin someone@domain.com
NoCache *
ProxyVia on
ProxyPass / http://">http:// IP address being proxied to>/
ProxyPassReverse / http://">http:// IP address being proxied to>/
HTTPS is a bit different:
ServerName external.resolvable.address
ProxyPreserveHost On
ProxyTimeout 100
RedirectMatch ^/$ https://">https://">https://">https://>/
ProxyPass / https://">https://">https://">https://>/
ProxyPassReverse / https://">https://">https://">https://>/
SSLProxyEngine On
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/key.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Ok I know this doesn't solve a problem but I can confirm that both of these configurations work for reverse proxy using apache externally proxying in to another machine/service using both SSL and standard HTTP. If you can confirm a similar setup it should be safe to assume the proxying is working and there might be another issue.
Can you access your webclient outside of work through the reverse proxy? (not using the Zimbra Desktop application)
Regards,
Lonny
We have a Apache-Reverse-Proxy to the Zimbra Server, so when i access from the Internet, Apache responses to me.
Are any constrains about this setup, because zdesktop do not work when im outside.[/QUOTE]
Are you proxying http or https? I've noticed some incidents with https that make life a little more complicated but it still should be possible. Can you give any more details as to what and how you are proxing but not use real IP's?
Here's a couple of example parameters I've needed to proxy for standard 80 and 443:
For 80 (in apache) I'll use Vhosts as an example:
ServerName external.resolved.hostname
ServerAdmin someone@domain.com
NoCache *
ProxyVia on
ProxyPass / http://">http:// IP address being proxied to>/
ProxyPassReverse / http://">http:// IP address being proxied to>/
HTTPS is a bit different:
ServerName external.resolvable.address
ProxyPreserveHost On
ProxyTimeout 100
RedirectMatch ^/$ https://">https://">https://">https://>/
ProxyPass / https://">https://">https://">https://>/
ProxyPassReverse / https://">https://">https://">https://>/
SSLProxyEngine On
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/key.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Ok I know this doesn't solve a problem but I can confirm that both of these configurations work for reverse proxy using apache externally proxying in to another machine/service using both SSL and standard HTTP. If you can confirm a similar setup it should be safe to assume the proxying is working and there might be another issue.
Can you access your webclient outside of work through the reverse proxy? (not using the Zimbra Desktop application)
Regards,
Lonny
zdesktop and reverse proxy
[quote user="jjzhuang"]If you have a reverse proxy then it should work. Have you tried it? Are you having problems?[/QUOTE]
I am having the exact same problem. I have the real zimbra http on the same IP as apache but on port 7070. Web client access works perfectly, activesync also works ok, but zdesktop spits out java exceptions on mailbox.log.
Here is one:
2007-09-05 00:34:22,097 ERROR [Timer-Offline-Main] [] offline - failed to sync account eduardo@
com.zimbra.common.service.ServiceException: resource unreachable: Internal Server Error
at com.zimbra.common.service.ServiceException.RESOURCE_UNREACHABLE(ServiceException.java:197)
at com.zimbra.cs.service.UserServlet.getRemoteResourceInternal(UserServlet.java:1076)
at com.zimbra.cs.service.UserServlet.getRemoteResource(UserServlet.java:1052)
at com.zimbra.cs.mailbox.InitialSync.syncMessage(InitialSync.java:817)
at com.zimbra.cs.mailbox.InitialSync.syncMessagelikeItems(InitialSync.java:317)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSync(InitialSync.java:233)
at com.zimbra.cs.mailbox.InitialSync.prioritySync(InitialSync.java:283)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSync(InitialSync.java:261)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSync(InitialSync.java:272)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSync.java:175)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSync.java:163)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTask.sync(OfflineMailboxManager.java:128)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTask.run(OfflineMailboxManager.java:98)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
Apache logs at the same time shows this request:
24.232.34.202 - - [05/Sep/2007:00:39:28 -0400] "GET /home/~/?fmt=sync&nohdr=1&id=47903 HTTP/1.1" 500 1682
Thanks.
I am having the exact same problem. I have the real zimbra http on the same IP as apache but on port 7070. Web client access works perfectly, activesync also works ok, but zdesktop spits out java exceptions on mailbox.log.
Here is one:
2007-09-05 00:34:22,097 ERROR [Timer-Offline-Main] [] offline - failed to sync account eduardo@
com.zimbra.common.service.ServiceException: resource unreachable: Internal Server Error
at com.zimbra.common.service.ServiceException.RESOURCE_UNREACHABLE(ServiceException.java:197)
at com.zimbra.cs.service.UserServlet.getRemoteResourceInternal(UserServlet.java:1076)
at com.zimbra.cs.service.UserServlet.getRemoteResource(UserServlet.java:1052)
at com.zimbra.cs.mailbox.InitialSync.syncMessage(InitialSync.java:817)
at com.zimbra.cs.mailbox.InitialSync.syncMessagelikeItems(InitialSync.java:317)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSync(InitialSync.java:233)
at com.zimbra.cs.mailbox.InitialSync.prioritySync(InitialSync.java:283)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSync(InitialSync.java:261)
at com.zimbra.cs.mailbox.InitialSync.initialFolderSync(InitialSync.java:272)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSync.java:175)
at com.zimbra.cs.mailbox.InitialSync.resume(InitialSync.java:163)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTask.sync(OfflineMailboxManager.java:128)
at com.zimbra.cs.mailbox.OfflineMailboxManager$SyncTask.run(OfflineMailboxManager.java:98)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
Apache logs at the same time shows this request:
24.232.34.202 - - [05/Sep/2007:00:39:28 -0400] "GET /home/~/?fmt=sync&nohdr=1&id=47903 HTTP/1.1" 500 1682
Thanks.
zdesktop and reverse proxy
If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.
You can try this. After using webclient to login, in the browser window try this URL:
/home/~/?fmt=sync&nohdr=1&id=47903
It">http:///home/~/?fmt=sync&nohdr=1&id=47903
It will probably choke the same way.
You can try this. After using webclient to login, in the browser window try this URL:
/home/~/?fmt=sync&nohdr=1&id=47903
It">http:///home/~/?fmt=sync&nohdr=1&id=47903
It will probably choke the same way.
zdesktop and reverse proxy
[quote user="jjzhuang"]If it gets that far in the zdesktop log, that means your reverse proxy already works for some URLs but not all. It's choking on the URL /home*. This is not that uncommon because apache mod_proxy config can be very URL specific.
You can try this. After using webclient to login, in the browser window try this URL:
/home/~/?fmt=sync&nohdr=1&id=47903
It">http:///home/~/?fmt=sync&nohdr=1&id=47903
It will probably choke the same way.[/QUOTE]
you were right... zimbra chokes and an error 500 appears on the browser window:
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.(UserServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFilter(SetHeaderFilter.java:286)
But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.
Somehow it does not look like an apache misconfiguration...
You can try this. After using webclient to login, in the browser window try this URL:
/home/~/?fmt=sync&nohdr=1&id=47903
It">http:///home/~/?fmt=sync&nohdr=1&id=47903
It will probably choke the same way.[/QUOTE]
you were right... zimbra chokes and an error 500 appears on the browser window:
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.(UserServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFilter(SetHeaderFilter.java:286)
But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.
Somehow it does not look like an apache misconfiguration...
zdesktop and reverse proxy
[quote user="ekaftan"]you were right... zimbra chokes and an error 500 appears on the browser window:
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.(UserServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689">HttpServlet.service(HttpServlet.java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802">HttpServlet.service(HttpServlet.java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFilter(SetHeaderFilter.java:286)
But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.
Somehow it does not look like an apache misconfiguration...[/QUOTE]
ah... when that error 500 appears, this gets logged in /opt/zimbra/log/mailbox.log:
2007-09-05 01:03:39,433 ERROR [http-7070-Processor99] [name=ekaftan@;mid=2;ip=24.232.34.202;] [UserServlet] - Servlet.service() for servlet UserServlet threw exception
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
at java.lang.String.substring(String.java:1765)
at com.zimbra.cs.service.UserServlet$Context.(UserServlet.java:616)
at com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689">HttpServlet.service(HttpServlet.java:689)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802">HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
java.lang.String.substring(String.java:1765)
com.zimbra.cs.service.UserServlet$Context.(UserServlet.java:616)
com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:255)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689">HttpServlet.service(HttpServlet.java:689)
com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802">HttpServlet.service(HttpServlet.java:802)
com.zimbra.webClient.filters.SetHeaderFilter.doFilter(SetHeaderFilter.java:286)
But apache is correctly proxying the request, zimbra gets it, but something gets changed by apache. The same request, with ':7070' added works fine.
Somehow it does not look like an apache misconfiguration...[/QUOTE]
ah... when that error 500 appears, this gets logged in /opt/zimbra/log/mailbox.log:
2007-09-05 01:03:39,433 ERROR [http-7070-Processor99] [name=ekaftan@;mid=2;ip=24.232.34.202;] [UserServlet] - Servlet.service() for servlet UserServlet threw exception
java.lang.StringIndexOutOfBoundsException: String index out of range: 4
at java.lang.String.substring(String.java:1765)
at com.zimbra.cs.service.UserServlet$Context.(UserServlet.java:616)
at com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689">HttpServlet.service(HttpServlet.java:689)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802">HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
zdesktop and reverse proxy
Most likely this is caused by mod_proxy rewriting the URL then. It's common for proxy code to rewrite URL for various purposes. There is usually a way to turn off URL rewriting in proxy, but I'm not familiar with apache enough to tell you exactly what to do. Hope you can find the document on that and turn that off.
There's probably something wrong with UserServlet (part of zimbra code) as well where the code was not written defensively. That's why it doesn't like the rewritten URL. If you figure out what the rewritten URL is, let us know and that will help us see what's wrong with UserServlet. Thanks!
There's probably something wrong with UserServlet (part of zimbra code) as well where the code was not written defensively. That's why it doesn't like the rewritten URL. If you figure out what the rewritten URL is, let us know and that will help us see what's wrong with UserServlet. Thanks!
zdesktop and reverse proxy
Has there been any updates on this problem?
I have the exact same scenario - zimbra mail server (which works brilliantly) running on Ubuntu LTS 6.06.
The web mail client works well through the apache reverse proxy, but the zimbra desktop client has trouble synchronizing with the above mentioned java error messages.
Has there been any updates to the UserServlet?
I dont have the mod_proxy rewrites turned on as far as i can see, just the proxypass and proxyreversepass in apache.
I have the exact same scenario - zimbra mail server (which works brilliantly) running on Ubuntu LTS 6.06.
The web mail client works well through the apache reverse proxy, but the zimbra desktop client has trouble synchronizing with the above mentioned java error messages.
Has there been any updates to the UserServlet?
I dont have the mod_proxy rewrites turned on as far as i can see, just the proxypass and proxyreversepass in apache.