Page 1 of 2
ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Wed Sep 06, 2017 4:56 pm
by phoenix
This was an upgrade from ZCS 8.7.11 and the proxy refuses to start and gives the following error:
Code: Select all
Stopping proxy...proxy is not running.
Starting proxy...nginx: [emerg] duplicate listen options for [::]:443 in /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default:25
failed.
I did run the command from this article before the upgrade:
https://wiki.zimbra.com/wiki/IPv6_Issue ... mbra-proxy
BTW, that article has an incorrect path, Step 2 in the solutions has zimbra spelled as /opt/zimbraa
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Wed Sep 06, 2017 5:06 pm
by ajcody
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Wed Sep 06, 2017 5:11 pm
by phoenix
Thanks Adam, I'll add my comment to that - I would have thought that might get a mention in the release notes as the use of IPv6 is increasing.
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Wed Sep 06, 2017 6:42 pm
by jorgedlcruz
I remember something like this testing, can you please run a yum update or apt-get update/upgrade and see if you have a new nginx module?
Best regards
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Wed Sep 06, 2017 6:51 pm
by phoenix
That would be a "dnf update".
Nothing is available and this is the currently installed version:
Code: Select all
dnf info zimbra-nginx
Last metadata expiration check: 0:00:24 ago on Wed Sep 06 20:49:47 2017 CEST.
Installed Packages
Name : zimbra-nginx
Version : 1.7.1
Release : 1zimbra8.7b7.el7
Arch : x86_64
Size : 1.3 M
Source : zimbra-nginx-1.7.1-1zimbra8.7b7.el7.src.rpm
Repo : @System
From repo : zimbra
Summary : Zimbra's nginx build
URL : http://nginx.org
License : MIT
Description : The Zimbra nginx build
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Thu Sep 07, 2017 1:06 pm
by phoenix
ajcody wrote:Not a package issue, it's a problem with what is being done to the configuration file.
[zimbra irc]
(8:53:48 AM) barrydg: maxxer: Now we could upgrade...
(8:54:29 AM) maxxer: no I cannot, there's a bug on IPv6 proxy
(8:54:41 AM) maxxer:
https://bugzilla.zimbra.com/show_bug.cgi?id=108293
(8:55:13 AM) barrydg: Ahh
(8:55:15 AM) barrydg: Nice
(8:55:57 AM) maxxer: luckily I spotted it with a random install
(8:56:12 AM) maxxer: rather easy to fix, just remove the first stanza of the configuration
I assume that means from the template file as the config is rewritten when you start the proxy?
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Thu Sep 07, 2017 1:15 pm
by ajcody
Not a package issue, it's a problem with what is being done to the configuration file.
[zimbra irc]
(8:53:48 AM) barrydg: maxxer: Now we could upgrade...
(8:54:29 AM) maxxer: no I cannot, there's a bug on IPv6 proxy
(8:54:41 AM) maxxer:
https://bugzilla.zimbra.com/show_bug.cgi?id=108293
(8:55:13 AM) barrydg: Ahh
(8:55:15 AM) barrydg: Nice
(8:55:57 AM) maxxer: luckily I spotted it with a random install
(8:56:12 AM) maxxer: rather easy to fix, just remove the first stanza of the configuration
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Thu Sep 07, 2017 1:34 pm
by ajcody
Not 100% sure, Maxxer and Barry are still talking about it now in IRC. Barry just asked him if he had a patch or would submit one for the bug.
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Thu Sep 07, 2017 1:39 pm
by phoenix
ajcody wrote:Not 100% sure, Maxxer and Barry are still talking about it now in IRC. Barry just asked him if he had a patch or would submit one for the bug.
Yes, it's the template that's the problem. I've just done the following on a test server and it came up fine:
Change to the templates directory and save a copy of the original file.
Code: Select all
cd /opt/zimbra/conf/nginx/templates
cp nginx.conf.web.https.default.template nginx.conf.web.https.default.template.original
Edit the following file and remove the first stanza i.e. just the code in the box below:
vi nginx.conf.web.https.default.template
Code: Select all
server {
${core.ipboth.enabled}listen [::]:${web.https.port} default_server ipv6only=off;
${core.ipv4only.enabled}listen ${web.https.port} default_server;
${core.ipv6only.enabled}listen [::]:${web.https.port} default_server;
ssl on;
ssl_protocols ${web.ssl.protocols};
ssl_prefer_server_ciphers ${web.ssl.preferserverciphers};
ssl_session_cache ${ssl.session.cachesize};
ssl_session_timeout ${ssl.session.timeout};
ssl_ciphers ${web.ssl.ciphers};
ssl_ecdh_curve ${web.ssl.ecdh.curve};
ssl_certificate ${ssl.crt.default};
ssl_certificate_key ${ssl.key.default};
ssl_verify_client ${ssl.clientcertmode.default};
ssl_verify_depth ${ssl.clientcertdepth.default};
${web.ssl.dhparam.enabled}ssl_dhparam ${web.ssl.dhparam.file};
return 444;
}
zmprov ms `zmhostname` zimbraIPMode both ; /opt/zimbra/libexec/zmiptool ; zmcontrol restart - that should all start correctly.
Mind you, I haven't yet tested it with any email - I'll be back with an answer soon.
Re: ZCS 8.8 upgrade failed with IPv6 enabled
Posted: Thu Sep 07, 2017 1:59 pm
by phoenix
That's a more elegant solution than mine, I tend to go for the sledgehammer approach as I'm a novice.
I'll try your patch shortly and post back here.