Hello all,
Need a hand with isolating the issue with accessing Zimbra WebUI over SSL port. I applied the P2 to P3 patch by running apt-get upgrade which "might" have broken my instance.
Since then, downloaded the official FOSS 8.8.15_P3 and reran the ./install.sh upgrade script.
From what I recall in troubleshooting it earlier, I had an old jar packages which didn't get cleaned up during the upgrade and I am wondering if something still stale elsewhere.
I can still access Zimbra Admin UI over :7071 and netstat shows listening, but don't see a listener socket on :443 or 80
root@mail:~# netstat -an | grep 443
tcp 0 0 10.0.0.25:8443 0.0.0.0:* LISTEN
Checked /opt/zimbra/log/httpd_error.log.2019-10-22, nothing showing out of ordinary.
[Tue Oct 22 11:37:17.869831 2019] [mpm_event:notice] [pid 28718:tid 140611549583168] AH00489: Apache/2.4.38 (Unix) PHP/7.3.1 configured -- resuming normal operations
[Tue Oct 22 11:37:17.870229 2019] [core:notice] [pid 28718:tid 140611549583168] AH00094: Command line: '/opt/zimbra/common/bin/httpd -f /opt/zimbra/conf/httpd.conf'
zimbra@mail:~$ zmcontrol -v
Release 8.8.15.GA.3869.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.8.15_P3.
zimbra@mail:~$ zmcontrol status
Host mail.example.com
amavis Running
antispam Running
antivirus Running
dnscache Running
imapd Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
What other output/logs can I check to validate the issue?
Unable to access Zimbra WebUI after 8.8.15P3 upgrade
- L. Mark Stone
- Ambassador
- Posts: 2800
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: Unable to access Zimbra WebUI after 8.8.15P3 upgrade
I have seen during some upgrades that the zimbraReverseProxyMailMode value gets changed from "redirect" back to the default "https".
On your proxy server you can run:
to see what's what. If the value is set to something other than redirect, then just do:
Hope that helps,
Mark
On your proxy server you can run:
Code: Select all
zimbra@zimbra:~$ zmprov gs `zmhostname` | grep redirect
zimbraReverseProxyMailMode: redirect
zimbra@zimbra:~$
Code: Select all
zmprov ms `zmhostname` zimbraReverseProxyMailMode: redirect
zmproxyctl restart
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: Unable to access Zimbra WebUI after 8.8.15P3 upgrade
Hi Mark, I tried a few different scenarios and neither one reveals the original functionality of having user WebUI accessible via 80/443 ports, however I did realized that 8443 is working as expected.
How do I configure the Proxy to listen on 443 for the end users and redirect to 8443 on the backend?
Tried playing with WebProxy and Upstream SSL settings on the Admin interface, none of them seems to be doing what I am after at this point
Thanks!
How do I configure the Proxy to listen on 443 for the end users and redirect to 8443 on the backend?
Code: Select all
zimbra@mail:~$ zmprov gs `zmhostname` | grep redirect
zimbraReverseProxyMailMode: redirect
Tried playing with WebProxy and Upstream SSL settings on the Admin interface, none of them seems to be doing what I am after at this point
Thanks!
- JDunphy
- Outstanding Member
- Posts: 897
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Unable to access Zimbra WebUI after 8.8.15P3 upgrade
Is nginx running? If not, verify the hostname lookup didn't fail. Generally, zmproxyconfig is how you assign the ports and get nginx to listen on them and then proxy requests to the services/ports. Link below has about everything you need to know to get nginx setup correctly.
Ref:https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached
You could probably get pretty close to discovering root cause by taking what Mark gave you and look a little deeper.
Another method after verifying that nginx is running with ps would be do look directly at the nginx configuration files to make sure there are listen directives for 443, etc. I think they keep it /opt/zimbra/conf/nginx/includes so...
If you see 443 commented out, then you probably should run that zmproxyconfig again.
Ref:https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached
You could probably get pretty close to discovering root cause by taking what Mark gave you and look a little deeper.
Code: Select all
# su - zimbra
% zmprov gs `zmhostname` |grep -i proxy
...
...
% zmprov gs `zmhostname` |grep -i proxy |grep 443
Code: Select all
cd /opt/zimbra/conf/nginx/includes
grep listen * | grep 443
Re: Unable to access Zimbra WebUI after 8.8.15P3 upgrade
In my case, NGINX was running fine but the Proxy config was missing the proper redirects under the Web Proxy Configuration.
Hope it helps others that are running into the same dilemma
1. The document "Enable Zimbra Proxy" definetely helped with troubleshooting
https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached
Here are the steps from the above link^
In this example, the Proxy Server simply mapping the Pub to Priv ports
PS. Thanks everyone for your assistance!
Hope it helps others that are running into the same dilemma
1. The document "Enable Zimbra Proxy" definetely helped with troubleshooting
https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached
Here are the steps from the above link^
Code: Select all
zimbra@mail:~$ ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
zimbra@mail:~$ /opt/zimbra/libexec/zmproxyconfig -e -m -H mail.example.com
zimbra@mail:~$ lsof -i :443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 3162 zimbra 11u IPv4 4234532 0t0 TCP *:https (LISTEN)
nginx 3163 zimbra 11u IPv4 4234532 0t0 TCP *:https (LISTEN)
nginx 3164 zimbra 11u IPv4 4234532 0t0 TCP *:https (LISTEN)
nginx 3165 zimbra 11u IPv4 4234532 0t0 TCP *:https (LISTEN))
zimbra@mail:~$ zmcontrol restart
PS. Thanks everyone for your assistance!