nginx closes connection when the Host value is unknown (no zimbraVirtual* set)

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
scantec
Posts: 42
Joined: Mon May 05, 2014 11:55 am

Re: Zimbra Collaboration 8.8 is Now Available

Postby scantec » Thu Dec 14, 2017 10:52 am

Not here. https is broken after upgrade on ubuntu 14.04 from a working 8.7.11, always getting "ERR_EMPTY_RESPONSE" on chrome i.e.

on logs: nginx.log: *26 client closed connection while waiting for request, client: x.x.x.x, server: 0.0.0.0:443

thedead106 wrote:Upgrade from 8.7 to 8.8 on Ubuntu smooth as silk. Good job guys. Now about my GAL issues.


User avatar
jorgedlcruz
Zimbra Employee
Zimbra Employee
Posts: 2735
Joined: Thu May 22, 2014 4:47 pm

Re: Zimbra Collaboration 8.8 is Now Available

Postby jorgedlcruz » Thu Dec 14, 2017 11:15 am

scantec wrote:Not here. https is broken after upgrade on ubuntu 14.04 from a working 8.7.11, always getting "ERR_EMPTY_RESPONSE" on chrome i.e.

on logs: nginx.log: *26 client closed connection while waiting for request, client: x.x.x.x, server: 0.0.0.0:443

thedead106 wrote:Upgrade from 8.7 to 8.8 on Ubuntu smooth as silk. Good job guys. Now about my GAL issues.


Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.

If you want to use the IP just for a quick check please use the port https://IP:8443, which is jetty, not proxy, that will allow logging in using only the IP.

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
phoenix
Ambassador
Ambassador
Posts: 25214
Joined: Fri Sep 12, 2014 9:56 pm

Re: Zimbra Collaboration 8.8 is Now Available

Postby phoenix » Thu Dec 14, 2017 11:21 am

jorgedlcruz wrote:Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.
Was this mentioned in the Release Notes?
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
User avatar
scantec
Posts: 42
Joined: Mon May 05, 2014 11:55 am

Re: Zimbra Collaboration 8.8 is Now Available

Postby scantec » Thu Dec 14, 2017 11:41 am

using FQDN works,

I don't have access to port 8443 port is closed on every systems I checked (only port 8080 works)

jorgedlcruz wrote:
scantec wrote:Not here. https is broken after upgrade on ubuntu 14.04 from a working 8.7.11, always getting "ERR_EMPTY_RESPONSE" on chrome i.e.

on logs: nginx.log: *26 client closed connection while waiting for request, client: x.x.x.x, server: 0.0.0.0:443

thedead106 wrote:Upgrade from 8.7 to 8.8 on Ubuntu smooth as silk. Good job guys. Now about my GAL issues.


Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.

If you want to use the IP just for a quick check please use the port https://IP:8443, which is jetty, not proxy, that will allow logging in using only the IP.

Best regards
User avatar
jorgedlcruz
Zimbra Employee
Zimbra Employee
Posts: 2735
Joined: Thu May 22, 2014 4:47 pm

Re: Zimbra Collaboration 8.8 is Now Available

Postby jorgedlcruz » Thu Dec 14, 2017 4:01 pm

DuddiZetor wrote:Upgrade from 8.7.5 on ubuntu 16 went smoothly :-)
However, I now get the following error when logging into the web client: ???account.INVALID_ATTR_NAME???
Any ideas?


Hello Duddy,
Are you trying the DNS FQDN? Or just the IP? Any relevant information on the mailbox.log?

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1591
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.6
Contact:

Re: Zimbra Collaboration 8.8 is Now Available

Postby L. Mark Stone » Thu Dec 14, 2017 6:31 pm

jorgedlcruz wrote:
scantec wrote:Not here. https is broken after upgrade on ubuntu 14.04 from a working 8.7.11, always getting "ERR_EMPTY_RESPONSE" on chrome i.e.

on logs: nginx.log: *26 client closed connection while waiting for request, client: x.x.x.x, server: 0.0.0.0:443

thedead106 wrote:Upgrade from 8.7 to 8.8 on Ubuntu smooth as silk. Good job guys. Now about my GAL issues.


Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.

If you want to use the IP just for a quick check please use the port https://IP:8443, which is jetty, not proxy, that will allow logging in using only the IP.

Best regards


You can get around this restriction, but it's a bit of a process. Here's how we did it...

We wanted to build a new Zimbra multi-tenant hosting farm on the reliablenetworks.com domain, so customers could login via https://proxy.reliablenetworks.com (not the real fqdn BTW...)

But, we didn't want to host email for the reliablenetworks.com domain on this hosting farm.

So what we did was build the new hosting farm's servers with reliablenetworks.com as the default domain, install our wildcard commercial SSL certificate and do much of the other initial deployment work.

Post install, what we did was as follows:

Code: Select all

zmprov rd reliablenetworks.com rnome.net
zmprov cd reliablenetworks.com
zmprov md reliablenetworks.com zimbraMailCatchAllAddress @reliablenetworks.com
zmprov md reliablenetworks.com zimbraMailCatchAllForwardingAddress @reliablenetworks.com
zmprov md reliablenetworks.com zimbraMailTransport smtp:cabernet.reliablenetworks.com
zmprov mcf zimbraVersionCheckNotificationEmailFrom zimbraadmin@rnome.net
zmprov mcf zimbraVersionCheckNotificationEmail zimbraadmin@rnome.net
zmprov mcf zimbraBackupReportEmailRecipients zimbraadmin@rnome.net
zmprov mcf zimbraBackupReportEmailSender zimbraadmin@rnome.net

*** On all servers we then ran: ***
zmlocalconfig -e av_notify_domain='rnome.net'
zmlocalconfig -e av_notify_user='zimbraadmin@rnome.net'
zmlocalconfig -e smtp_destination='zimbraadmin@rnome.net'
zmlocalconfig -e smtp_source='zimbraadmin@rnome.net'
zmprov ms `zmhostname` zimbraBackupReportEmailRecipients zimbraadmin@rnome.net
zmprov ms `zmhostname` zimbraBackupReportEmailSender zimbraadmin@rnome.net

*** And finally: ***
zmprov fc all


We noted that the Admin Console would not even load after we renamed the domain FWIW. We needed to create the reliablenetworks.com domain before things would work again.

*** UPDATE 1 *** I may have spoken too soon... The Admin Console works OK but not the regular web interface; still getting "client closed connection while waiting for request" errors. More work to do; will update this post when I have more info.

*** UPDATE 2 *** This looks promising: https://bugzilla.zimbra.com/show_bug.cgi?id=108299#c7 Will try this tomorrow and update this post at that time.

*** UPDATE 3 :: ALL FIXED! *** Per Malte's suggestions in bugzilla 108299 (not in 8.8.5 BTW), we ran the following commands and then we were able to log in to both the end-user console and the Admin Console via the proxy, using an rnome.net account.

Code: Select all

zimbra@securemail:~$ zmprov md rnome.net zimbraVirtualHostname securemail.reliablenetworks.com
zimbra@securemail:~$ zmprov md rnome.net +zimbraVirtualHostname zmail.reliablenetworks.com
zimbra@securemail:~$ zmprov gd rnome.net | grep -i virtual
zimbraVirtualHostname: securemail.reliablenetworks.com
zimbraVirtualHostname: zmail.reliablenetworks.com
zimbra@securemail:~$ libexec/zmproxyconfgen
<snipped most output from zmproxyconfgen>
[] INFO: Proxy configuration files are generated successfully
zimbra@securemail:~$ zmproxyctl restart
Stopping proxy...done.
Starting proxy...done.
zimbra@securemail:~$ 


Hope that helps others,
Mark
________________________________________________
L. Mark Stone
Zeta Alliance http://www.zetalliance.org/
User avatar
msquadrat
Advanced member
Advanced member
Posts: 117
Joined: Mon Oct 14, 2013 10:09 am

Re: Zimbra Collaboration 8.8 is Now Available

Postby msquadrat » Thu Dec 14, 2017 6:54 pm

jorgedlcruz wrote:
scantec wrote:Not here. https is broken after upgrade on ubuntu 14.04 from a working 8.7.11, always getting "ERR_EMPTY_RESPONSE" on chrome i.e.

on logs: nginx.log: *26 client closed connection while waiting for request, client: x.x.x.x, server: 0.0.0.0:443

thedead106 wrote:Upgrade from 8.7 to 8.8 on Ubuntu smooth as silk. Good job guys. Now about my GAL issues.


Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.


Umm... wasn't this supposed to be fixed in 8.8 and the "security feature" only enabled on request? I mean we saw the fallout of this change in September (I think it was one of the most discussed beta issues) and the change was merged last month or so and it still wasn't included in the GA? Seriously?
10424bofh
Outstanding Member
Outstanding Member
Posts: 284
Joined: Sat Sep 13, 2014 1:15 am

Re: Zimbra Collaboration 8.8 is Now Available

Postby 10424bofh » Thu Dec 14, 2017 9:44 pm

msquadrat wrote:
jorgedlcruz wrote:
scantec wrote:Not here. https is broken after upgrade on ubuntu 14.04 from a working 8.7.11, always getting "ERR_EMPTY_RESPONSE" on chrome i.e.

on logs: nginx.log: *26 client closed connection while waiting for request, client: x.x.x.x, server: 0.0.0.0:443



Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.


Umm... wasn't this supposed to be fixed in 8.8 and the "security feature" only enabled on request? I mean we saw the fallout of this change in September (I think it was one of the most discussed beta issues) and the change was merged last month or so and it still wasn't included in the GA? Seriously?


Uhm guys i know it soudns stupid and maybe it doesnt mean anything but i though its wierd that all files (at least in the ubuntu package) have the date of oct 26
i wonder why this is and if maybe, jsut maybe we have here an older build as an release
User avatar
msquadrat
Advanced member
Advanced member
Posts: 117
Joined: Mon Oct 14, 2013 10:09 am

Re: Zimbra Collaboration 8.8 is Now Available

Postby msquadrat » Thu Dec 14, 2017 10:01 pm

10424bofh wrote:
msquadrat wrote:
jorgedlcruz wrote:
Hello, starting ZCS 8.8 you will need to use a valid FQDN which your Zimbra server recognize, like if you have a Zimbra domain zimbra.io, you will be able to log in using mail.zimbra.io, etc, not by the IP.


Umm... wasn't this supposed to be fixed in 8.8 and the "security feature" only enabled on request? I mean we saw the fallout of this change in September (I think it was one of the most discussed beta issues) and the change was merged last month or so and it still wasn't included in the GA? Seriously?


Uhm guys i know it soudns stupid and maybe it doesnt mean anything but i though its wierd that all files (at least in the ubuntu package) have the date of oct 26
i wonder why this is and if maybe, jsut maybe we have here an older build as an release


You're right, I didn't look at the build date before but this release was obviously built in October: zcs-NETWORK-8.8.5_GA_1894.UBUNTU16_64.20171026035615. I'm sure this must have been a mistake.
User avatar
jorgedlcruz
Zimbra Employee
Zimbra Employee
Posts: 2735
Joined: Thu May 22, 2014 4:47 pm

nginx closes connection when the Host value is unknown (no zimbraVirtual* set)

Postby jorgedlcruz » Fri Dec 15, 2017 11:20 am

Hello guys,
In ZCS 8.8 we make some changes on the way nginx behaves, we included this and be controlled with the command - zimbraReverseProxyStrictServerName, available starting ZCS 8.8.6 and above.

More information about the topic can be found here:

As the GA Release we have is ZCS 8.8.5, we will need to wait a few weeks until 8.8.6 goes out.

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/

Return to “Administrators”

Who is online

Users browsing this forum: vladsol and 28 guests