Unable to access Zimbra WebUI after 8.8.15P3 upgrade

[mike15]

Hello all,

Need a hand with isolating the issue with accessing Zimbra WebUI over SSL port. I applied the P2 to P3 patch by running apt-get upgrade which "might" have broken my instance.
Since then, downloaded the official FOSS 8.8.15_P3 and reran the ./install.sh upgrade script.

From what I recall in troubleshooting it earlier, I had an old jar packages which didn't get cleaned up during the upgrade and I am wondering if something still stale elsewhere.

I can still access Zimbra Admin UI over :7071 and netstat shows listening, but don't see a listener socket on :443 or 80

root@mail:~# netstat -an | grep 443
tcp 0 0 10.0.0.25:8443 0.0.0.0:* LISTEN

Checked /opt/zimbra/log/httpd_error.log.2019-10-22, nothing showing out of ordinary.

[Tue Oct 22 11:37:17.869831 2019] [mpm_event:notice] [pid 28718:tid 140611549583168] AH00489: Apache/2.4.38 (Unix) PHP/7.3.1 configured -- resuming normal operations
[Tue Oct 22 11:37:17.870229 2019] [core:notice] [pid 28718:tid 140611549583168] AH00094: Command line: '/opt/zimbra/common/bin/httpd -f /opt/zimbra/conf/httpd.conf'

zimbra@mail:~$ zmcontrol -v
Release 8.8.15.GA.3869.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.8.15_P3.

zimbra@mail:~$ zmcontrol status
Host mail.example.com
amavis Running
antispam Running
antivirus Running
dnscache Running
imapd Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running

What other output/logs can I check to validate the issue?

[L. Mark Stone]

I have seen during some upgrades that the zimbraReverseProxyMailMode value gets changed from "redirect" back to the default "https".

On your proxy server you can run:

Code: Select all

zimbra@zimbra:~$ zmprov gs `zmhostname` | grep redirect
zimbraReverseProxyMailMode: redirect
zimbra@zimbra:~$ 

to see what's what. If the value is set to something other than redirect, then just do:

Code: Select all

zmprov ms `zmhostname` zimbraReverseProxyMailMode: redirect
zmproxyctl restart

Hope that helps,
Mark

[mike15]

Hi Mark, I tried a few different scenarios and neither one reveals the original functionality of having user WebUI accessible via 80/443 ports, however I did realized that 8443 is working as expected.
How do I configure the Proxy to listen on 443 for the end users and redirect to 8443 on the backend?

Code: Select all

zimbra@mail:~$ zmprov gs `zmhostname` | grep redirect
zimbraReverseProxyMailMode: redirect

Tried playing with WebProxy and Upstream SSL settings on the Admin interface, none of them seems to be doing what I am after at this point

Thanks!

[JDunphy]

Is nginx running? If not, verify the hostname lookup didn't fail. Generally, zmproxyconfig is how you assign the ports and get nginx to listen on them and then proxy requests to the services/ports. Link below has about everything you need to know to get nginx setup correctly.

Ref:https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached

You could probably get pretty close to discovering root cause by taking what Mark gave you and look a little deeper.

Code: Select all

# su - zimbra
% zmprov gs `zmhostname` |grep -i proxy 
...
...
%  zmprov gs `zmhostname` |grep -i proxy |grep 443

Another method after verifying that nginx is running with ps would be do look directly at the nginx configuration files to make sure there are listen directives for 443, etc. I think they keep it /opt/zimbra/conf/nginx/includes so...

Code: Select all

cd /opt/zimbra/conf/nginx/includes
grep listen * | grep 443

If you see 443 commented out, then you probably should run that zmproxyconfig again.

[mike15]

In my case, NGINX was running fine but the Proxy config was missing the proper redirects under the Web Proxy Configuration.

Hope it helps others that are running into the same dilemma

1. The document "Enable Zimbra Proxy" definetely helped with troubleshooting
https://wiki.zimbra.com/wiki/Enabling_Z ... _memcached

Here are the steps from the above link^

Code: Select all

zimbra@mail:~$ ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both  -H `zmhostname`
zimbra@mail:~$ /opt/zimbra/libexec/zmproxyconfig -e -m -H mail.example.com

zimbra@mail:~$ lsof -i :443
COMMAND  PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
nginx   3162 zimbra   11u  IPv4 4234532      0t0  TCP *:https (LISTEN)
nginx   3163 zimbra   11u  IPv4 4234532      0t0  TCP *:https (LISTEN)
nginx   3164 zimbra   11u  IPv4 4234532      0t0  TCP *:https (LISTEN)
nginx   3165 zimbra   11u  IPv4 4234532      0t0  TCP *:https (LISTEN))

zimbra@mail:~$ zmcontrol restart

In this example, the Proxy Server simply mapping the Pub to Priv ports

PS. Thanks everyone for your assistance!