Can't redirect http to https
Can't redirect http to https
Hi,
I just installed ssl certificate in my zimbra server. However, the webmail login page can't redirect to https. When I access http://myemailserver.domain.com, it returns This site can't be reached. But when I access https://myemailserver.domain.com, the webmail login page appear successfully.
I have tried this solution here https://wiki.zimbra.com/wiki/Enabling_Z ... S_Redirect but it doesn't work. Is there any other solution?
I just installed ssl certificate in my zimbra server. However, the webmail login page can't redirect to https. When I access http://myemailserver.domain.com, it returns This site can't be reached. But when I access https://myemailserver.domain.com, the webmail login page appear successfully.
I have tried this solution here https://wiki.zimbra.com/wiki/Enabling_Z ... S_Redirect but it doesn't work. Is there any other solution?
Re: Can't redirect http to https
Thanks for your reply. Currently I've adviced users to access via https. Is there other way to set redirect the http to the https page?
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
- Contact:
Re: Can't redirect http to https
did you try to telnet the port number 80 on your remote email server ?
Regards,
Regards,
- L. Mark Stone
- Ambassador
- Posts: 2800
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: Can't redirect http to https
Best to set the server running Zimbra's Proxy service to "redirect" mode. As the zimbra user, you can run on the proxy server:
Both 80 and 443 need to open in your firewall, but if the zimbraReverseProxyMailMode attribute was set to "https", then trying to telnet in to port 80 will fail as the proxy will not be listening on that port at all.
Hope that helps,
Mark
Code: Select all
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
zmproxyctl restart
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: Can't redirect http to https
I tried to telnet but it returns Trying....xx.xx.xx.xx. with no response.DualBoot wrote:did you try to telnet the port number 80 on your remote email server ?
Regards,
Re: Can't redirect http to https
I ran the zmprov gs command and below is the result :L. Mark Stone wrote:Best to set the server running Zimbra's Proxy service to "redirect" mode. As the zimbra user, you can run on the proxy server:
Both 80 and 443 need to open in your firewall, but if the zimbraReverseProxyMailMode attribute was set to "https", then trying to telnet in to port 80 will fail as the proxy will not be listening on that port at all.Code: Select all
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect zmproxyctl restart
Hope that helps,
Mark
[zimbra@mail ~]$ zmprov gs `zmhostname` zimbraMailPort zimbraMailProxyPort zimbraMailSSLPort zimbraMailSSLProxyPort zimbraReverseProxyMailMode zimbraReverseProxyHttpEnabled zimbraReverseProxyMailEnabled zimbraServiceEnabled zimbraServiceInstalled zimbraReverseProxySSLToUpstreamEnabled zimbraReverseProxyStrictServerNameEnabled zimbraReverseProxyLookupTarget zimbraMailMode
# name mail.mydomain.com
zimbraMailMode: https
zimbraMailPort: 80
zimbraMailProxyPort: 0
zimbraMailSSLPort: 443
zimbraMailSSLProxyPort: 0
zimbraReverseProxyHttpEnabled: FALSE
zimbraReverseProxyLookupTarget: TRUE
zimbraReverseProxyMailEnabled: TRUE
zimbraReverseProxyMailMode: redirect
zimbraReverseProxySSLToUpstreamEnabled: TRUE
zimbraReverseProxyStrictServerNameEnabled: FALSE
I will check with my network admin regarding the 80 and 443 port.
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
- Contact:
Re: Can't redirect http to https
zimbraMailMode: https
This one is wrong, your mailbox is listening only on 443.
This one is wrong, your mailbox is listening only on 443.
- L. Mark Stone
- Ambassador
- Posts: 2800
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: Can't redirect http to https
To expand on what Dual Boot has reported, both the Proxy Service and the Mailbox Service need to be configured correctly for proxy to work. And by "correctly" I mean that both Services need to agree on Ports and Protocols. For example:
443 is the port which the public-facing side of the Proxy Service listens on, and 8443 is the port that the mailbox-facing side of the Proxy and Mailbox Services use for this same traffic.
Note there are separate pairs of attributes for IMAPS, POP3S, etc., as each of those uses separate ports.
That takes care of the ports, now on to the Protocols. The protocol the Proxy uses to connect to both users and the mailbox service is determined by the attribute zimbraReverseProxyMailMode. If that attribute is set to redirect or https, then the Proxy Service will talk to users and mailboxd on https. For this to work, mailboxd needs to be configured to use the https protocol as well, and that attribute is zimbraMailMode.
I'm guessing the root cause of your problem is more than just getting the Proxy Service to redirect, or to open up a port in your firewall, so I'd like to suggest this wiki: https://wiki.zimbra.com/wiki/Enabling_Z ... ng_servers for detailed information in the section about how to configure proxy in an existing environment.
Hope that helps,
Mark
Code: Select all
zimbra@mail2:~$ zmprov gs mb18.missioncriticalemail.com | grep "SSLPort\|SSLProxyPort"
zimbraMailSSLPort: 8443
zimbraMailSSLProxyPort: 443
zimbra@mail2:~$
Note there are separate pairs of attributes for IMAPS, POP3S, etc., as each of those uses separate ports.
That takes care of the ports, now on to the Protocols. The protocol the Proxy uses to connect to both users and the mailbox service is determined by the attribute zimbraReverseProxyMailMode. If that attribute is set to redirect or https, then the Proxy Service will talk to users and mailboxd on https. For this to work, mailboxd needs to be configured to use the https protocol as well, and that attribute is zimbraMailMode.
I'm guessing the root cause of your problem is more than just getting the Proxy Service to redirect, or to open up a port in your firewall, so I'd like to suggest this wiki: https://wiki.zimbra.com/wiki/Enabling_Z ... ng_servers for detailed information in the section about how to configure proxy in an existing environment.
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: Can't redirect http to https
Thank you Mark for the assistance. I will try it out and hopefully it will turns out well. Will the incorrect configuration affect the traffic in the mail server now? And how should it looked like (by running command zmprov gs) after proxy being configured correctly? Sorry, I'm new to this.
- L. Mark Stone
- Ambassador
- Posts: 2800
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: Can't redirect http to https
The MTA side of things should be just fine as is, so the server will continue to receive mail OK, and smtp-auth users (port 587/465) should still be able to send email.
But given the current state of this, I’d not worry about what good settings zmprov gs should return and instead I’d focus on running the suite of proxy configure commands in the wiki to get everything back to working order.
Not sure I saw what version you are running, but if Network Edition you are totally entitled to open a Support Case and get help for something like this.
All the best,
Mark
But given the current state of this, I’d not worry about what good settings zmprov gs should return and instead I’d focus on running the suite of proxy configure commands in the wiki to get everything back to working order.
Not sure I saw what version you are running, but if Network Edition you are totally entitled to open a Support Case and get help for something like this.
All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate